CVE-2023-2827

HIGH

SAP Digital Manufacturing JWT Signature Validation Bypass

Title source: llm

Description

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.

References (2)

Core 2

Core References

Permissions Required

https://launchpad.support.sap.com/#/notes/3301942

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 7.9

EPSS 0.0010

EPSS Percentile 26.3%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:L/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-306

Status published

Products (2)

sap/digital_manufacturing 1.0

sap/plant_connectivity 15.5

Published Jun 13, 2023

Tracked Since Feb 18, 2026