#VU78835 Improper Verification of Cryptographic Signature in Production Connector for SAP Digital Manufacturing and SAP Plant Connectivity - CVE-2023-2827

 


Published: August 1, 2023


Vulnerability identifier: #VU78835
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-2827
CWE-ID: CWE-347
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
Production Connector for SAP Digital Manufacturing
SAP Plant Connectivity
Software vendor:
SAP

Description

The vulnerability allows a remote attacker to perform a man-in-the-middle (MitM) attack.

The vulnerability exists due to improper verification of the cryptographic signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. A remote attacker can perform a MitM attack.


Remediation

Install updates from the vendor's website.

External links