CVE-2023-41366

MEDIUM

SAP NetWeaver Application Server ABAP - Info Disclosure

Title source: llm

Description

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.

References (2)

Core 2

Core References

Permissions Required

https://me.sap.com/notes/3362849

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 5.3

EPSS 0.0022

EPSS Percentile 44.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-497

Status published

Products (15)

sap/netweaver_application_server_abap kernel_7.22

sap/netweaver_application_server_abap kernel_7.53

sap/netweaver_application_server_abap kernel_7.54

sap/netweaver_application_server_abap kernel_7.77

sap/netweaver_application_server_abap kernel_7.85

sap/netweaver_application_server_abap kernel_7.89

sap/netweaver_application_server_abap kernel_7.91

sap/netweaver_application_server_abap kernel_7.92

sap/netweaver_application_server_abap kernel_7.93

sap/netweaver_application_server_abap kernel_7.94

... and 5 more

Published Nov 14, 2023

Tracked Since Feb 18, 2026