Main Vulnerability Database Vulnerabilities #VU87307

#VU87307 Missing Authentication for Critical Function in SAP NetWeaver AS JAVA - CVE-2023-30744

Published: March 8, 2024

Vulnerability identifier: #VU87307

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2023-30744

CWE-ID: CWE-306

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
SAP NetWeaver AS JAVA

Software vendor:
SAP

Description

The vulnerability allows a remote attacker to modify data on the system.

The vulnerability exists due to excessive data output by the application. A remote attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication.

Remediation

Install updates from vendor's website.

External links

https://launchpad.support.sap.com/#/notes/3317453
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

#VU87307 Missing Authentication for Critical Function in SAP NetWeaver AS JAVA - CVE-2023-30744

Description

Remediation

External links

Please verify you're human