CVE-2023-49581
MEDIUM
SAP NetWeaver Application Server ABAP - Unauthenticated SQL Injection and Data Manipulation
Title source: llm
Description
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.
References (2)
Core References
Permissions Required, Vendor Advisory
https://me.sap.com/notes/3392547
Scores
CVSS v3
4.1
EPSS
0.0007
EPSS Percentile
21.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Details
CWE
CWE-89
Status
published
Products (4)
sap/netweaver_application_server_abap 700
sap/netweaver_application_server_abap 731
sap/netweaver_application_server_abap 740
sap/netweaver_application_server_abap 750
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026