SQL Injection in Sap Netweaver_application_server_abap

CVE-2023-49581

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a d…

Vulnerability class: SQL Injection

EPSS: 0.005 (39.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-49581?
CVE-2023-49581 is a medium-severity vulnerability in Sap Netweaver_application_server_abap, classified under SQL Injection. CVSS score: 4.1/10. Published 2023-12-12.
How severe is CVE-2023-49581?
Medium severity. CVSS v3 base score is 4.1 out of 10.