Unauthenticated Access to Admin View and Email Address Disclosure in SAP NetWeaver (Guided Procedures) - Version 7.50

CVE-2023-41367 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Due to a missing authentication check in a Web Dynpro application, an unauthorized user of SAP NetWeaver (Guided Procedures), version 7.50, can anonymously gain access to the admin view of a specific function. On successful exploitation of the vulnerability under specific circumstances, the attacker can view a user's email address. There is no integrity or availability impact.
