CVE-2023-42477
MEDIUMSAP NetWeaver AS Java 7.50 - Server-Side Request Forgery in GRMG Heartbeat Application
Title source: llmDescription
SAP NetWeaver AS Java (GRMG Heartbeat application) - version 7.50, allows an attacker to send a crafted request from a vulnerable web application, causing limited impact on confidentiality and integrity of the application.
References (2)
Core 2
Core References
Permissions Required
https://me.sap.com/notes/3333426
Scores
CVSS v3
6.5
EPSS
0.0009
EPSS Percentile
25.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
partial
Details
CWE
CWE-918
Status
published
Products (1)
sap/netweaver_application_server_java
7.50
Published
Oct 10, 2023
Tracked Since
Feb 18, 2026