| |
Podatność CVE-2023-41367
Publikacja: 2023-09-12
| Opis: |
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user??s email address. There is no integrity/availability impact.
|
Typ:
CWE-306 (Missing Authentication for Critical Function)
Referencje: |
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://me.sap.com/notes/3348142
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
Polish
English