The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.
References
Link | Resource |
---|---|
https://me.sap.com/notes/3366410 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
https://me.sap.com/notes/3366410 | Permissions Required |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Configurations
History
21 Nov 2024, 08:22
Type | Values Removed | Values Added |
---|---|---|
References | () https://me.sap.com/notes/3366410 - Permissions Required | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
20 Nov 2023, 19:59
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:* | |
First Time |
Sap netweaver Application Server Java
Sap |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://me.sap.com/notes/3366410 - Permissions Required | |
References | () https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html - Vendor Advisory |
14 Nov 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-11-14 01:15
Updated : 2024-11-21 08:22
NVD link : CVE-2023-42480
Mitre link : CVE-2023-42480
CVE.ORG link : CVE-2023-42480
JSON object : View
Products Affected
sap
- netweaver_application_server_java
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts