CVE-2023-49580

HIGH

SAP Graphical User Interface - Incorrect Permission Assignment

Title source: rule

Description

SAP GUI for Windows and SAP GUI for Java - versions SAP_BASIS 755, SAP_BASIS 756, SAP_BASIS 757, SAP_BASIS 758, allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to create Layout configurations of the ABAP List Viewer and with this causing a mild impact on integrity and availability, e.g. also increasing the response times of the AS ABAP.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory

https://me.sap.com/notes/3385711

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 7.3

EPSS 0.0013

EPSS Percentile 31.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Details

CWE

CWE-732

Status published

Products (4)

sap/graphical_user_interface sap_basis_755 (2 CPE variants)

sap/graphical_user_interface sap_basis_756 (2 CPE variants)

sap/graphical_user_interface sap_basis_757 (2 CPE variants)

sap/graphical_user_interface sap_basis_758 (2 CPE variants)

Published Dec 12, 2023

Tracked Since Feb 18, 2026