SB2023080132 - MitM attack in SAP Plant Connectivity
Published: August 1, 2023
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2023-2827)
CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper verification of cryptographic signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. A remote attacker can perform MitM attack.
Remediation
Install update from vendor's website.