CVE-2023-0017
moderate-risk
Published 2023-01-10
An unauthenticated attacker in SAP NetWeaver AS for Java - version 7.50, due to improper access control, can attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and data on the current system. This could allow the attacker to have full read access to user data, make modifications to user data, and make services within the system unavailable.
Do I need to act?
~
4.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
9
CVSS 9.4/10
Critical
NETWORK
/ LOW complexity
Affected Products (1)
Netweaver Application Server For Java
Affected Vendors
References (4)
Permissions Required
https://launchpad.support.sap.com/#/notes/3268093
Permissions Required
https://launchpad.support.sap.com/#/notes/3268093
44
/ 100
moderate-risk
Severity
31/34 · Critical
Exploitability
8/34 · Low
Exposure
5/34 · Minimal