CVE-2023-23853

Summary

An unauthenticated attacker in AP NetWeaver Application Server for ABAP and ABAP Platform - versions 700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, can craft a link which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack. Vulnerability has no direct impact on availability.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver Application Server for ABAP and ABAP Platform700affected
SAPNetWeaver Application Server for ABAP and ABAP Platform702affected
SAPNetWeaver Application Server for ABAP and ABAP Platform731affected
SAPNetWeaver Application Server for ABAP and ABAP Platform740affected
SAPNetWeaver Application Server for ABAP and ABAP Platform750affected
SAPNetWeaver Application Server for ABAP and ABAP Platform751affected
SAPNetWeaver Application Server for ABAP and ABAP Platform752affected
SAPNetWeaver Application Server for ABAP and ABAP Platform753affected
SAPNetWeaver Application Server for ABAP and ABAP Platform754affected
SAPNetWeaver Application Server for ABAP and ABAP Platform755affected
SAPNetWeaver Application Server for ABAP and ABAP Platform756affected
SAPNetWeaver Application Server for ABAP and ABAP Platform757affected
SAPNetWeaver Application Server for ABAP and ABAP Platform789affected
SAPNetWeaver Application Server for ABAP and ABAP Platform790affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References