CVE-2023-26461

Published Mar 14, 2023

Last updated 2 years ago

Overview

Description: SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.
Source: cna@sap.com
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.9
Impact score: 3.6
Exploitability score: 1.2
Vector string: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-611

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:netweaver_enterprise_portal:7.50:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D91F9D76-39D6-4D5E-BFAE-892CB8C30A79"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References