Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-26459

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.

Published

2023-03-14T05:15:30.160

Last Modified

2024-11-21T07:51:31.410

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.4 (HIGH)

Weaknesses
  • Type: Primary
    CWE-918
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap netweaver_application_server_abap 700 Yes
Application sap netweaver_application_server_abap 701 Yes
Application sap netweaver_application_server_abap 702 Yes
Application sap netweaver_application_server_abap 731 Yes
Application sap netweaver_application_server_abap 740 Yes
Application sap netweaver_application_server_abap 750 Yes
Application sap netweaver_application_server_abap 751 Yes
Application sap netweaver_application_server_abap 752 Yes
Application sap netweaver_application_server_abap 753 Yes
Application sap netweaver_application_server_abap 754 Yes
Application sap netweaver_application_server_abap 755 Yes
Application sap netweaver_application_server_abap 756 Yes
Application sap netweaver_application_server_abap 757 Yes
Application sap netweaver_application_server_abap 791 Yes
References