Unauthenticated Access and Modification of SAP NetWeaver Enterprise Portal Settings and Data

Unauthenticated Access and Modification of SAP NetWeaver Enterprise Portal Settings and Data

CVE-2023-28761 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.

Learn more about our Cis Benchmark Audit For Server Software.