SQL Injection in SAP NetWeaver Application Server ABAP
CVE-2023-49581
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a d…
Vulnerability class: SQL Injection
EPSS: 0.005 (39.3rd percentile).
CVSS v3 metric
CVSS v3 base score 4.1 (Medium). Vector: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L.
Affected products
- SAP NetWeaver Application Server ABAP — versions 700, 731, 740
- SAP SE SAP NetWeaver Application Server ABAP and Platform — versions SAP_BASIS 700, SAP_BASIS 731, SAP_BASIS 740
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required, Vendor Advisory)
- cna@sap.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-49581?
  CVE-2023-49581 is a medium-severity vulnerability in SAP NetWeaver Application Server ABAP, classified under SQL Injection. CVSS score: 4.1/10. Published 2023-12-12.
- How severe is CVE-2023-49581?
  Medium severity. CVSS v3 base score is 4.1 out of 10.