CVE-2023-26461

MEDIUM

SAP NetWeaver 7.50 - Info Disclosure

Title source: llm

Description

SAP NetWeaver allows (SAP Enterprise Portal) - version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser which can submit a crafted XML file which when parsed will enable them to access but not modify sensitive files and data. It allows the attacker to view sensitive data which is owned by certain privileges.

References (2)

Core 2

Core References

Permissions Required

https://launchpad.support.sap.com/#/notes/3284550

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 6.8

EPSS 0.0026

EPSS Percentile 49.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-611

Status published

Products (1)

sap/netweaver_enterprise_portal 7.50

Published Mar 14, 2023

Tracked Since Feb 18, 2026