Unauthenticated Access and Data Manipulation Vulnerability in SAP GUI

Unauthenticated Access and Data Manipulation Vulnerability in SAP GUI

CVE-2023-49581 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L

SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.

Learn more about our Web Application Penetration Testing UK.