CVE-2023-23860

Summary

SAP NetWeaver AS for ABAP and ABAP Platform - versions 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790, allows an unauthenticated attacker to craft a link, which when clicked by an unsuspecting user can be used to redirect a user to a malicious site which could read or modify some sensitive information or expose the victim to a phishing attack.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS for ABAP and ABAP Platform740affected
SAPNetWeaver AS for ABAP and ABAP Platform750affected
SAPNetWeaver AS for ABAP and ABAP Platform751affected
SAPNetWeaver AS for ABAP and ABAP Platform752affected
SAPNetWeaver AS for ABAP and ABAP Platform753affected
SAPNetWeaver AS for ABAP and ABAP Platform754affected
SAPNetWeaver AS for ABAP and ABAP Platform755affected
SAPNetWeaver AS for ABAP and ABAP Platform756affected
SAPNetWeaver AS for ABAP and ABAP Platform757affected
SAPNetWeaver AS for ABAP and ABAP Platform789affected
SAPNetWeaver AS for ABAP and ABAP Platform790affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References