CVE-2023-26459

Summary

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.

Affected Software

VendorProductVersion RangeStatus
SAPNetWeaver AS for ABAP and ABAP Platform700affected
SAPNetWeaver AS for ABAP and ABAP Platform701affected
SAPNetWeaver AS for ABAP and ABAP Platform702affected
SAPNetWeaver AS for ABAP and ABAP Platform731affected
SAPNetWeaver AS for ABAP and ABAP Platform740affected
SAPNetWeaver AS for ABAP and ABAP Platform750affected
SAPNetWeaver AS for ABAP and ABAP Platform751affected
SAPNetWeaver AS for ABAP and ABAP Platform752affected
SAPNetWeaver AS for ABAP and ABAP Platform753affected
SAPNetWeaver AS for ABAP and ABAP Platform754affected
SAPNetWeaver AS for ABAP and ABAP Platform755affected
SAPNetWeaver AS for ABAP and ABAP Platform756affected
SAPNetWeaver AS for ABAP and ABAP Platform757affected
SAPNetWeaver AS for ABAP and ABAP Platform791affected

Weaknesses

  • CWE-918: CWE-918: Server-Side Request Forgery (SSRF)

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References