Main Vulnerability Database Vulnerabilities #VU84580

#VU84580 Improper access control in SAP GUI for Windows - CVE-2023-49580

Published: December 19, 2023

Vulnerability identifier: #VU84580

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-49580

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SAP GUI for Windows

Software vendor:
SAP

Description

The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions in SAP GUI for Windows and SAP GUI for Java. A remote attacker can bypass implemented security restrictions and gain access to sensitive information or create Layout configurations of the ABAP List Viewer.

Remediation

Install updates from vendor's website.

External links

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html#2023-12

#VU84580 Improper access control in SAP GUI for Windows - CVE-2023-49580

Description

Remediation

External links

Please verify you're human