← Back to CVEs
CVE-2023-30744
HIGH8.2
Description
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.
CVE Details
CVSS v3.1 Score8.2
SeverityHIGH
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published5/9/2023
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
sap:netweaver_application_server_for_java
Weaknesses (CWE)
CWE-306
References
https://launchpad.support.sap.com/#/notes/3317453(cna@sap.com)
https://launchpad.support.sap.com/#/notes/3317453(af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.