CVE-2023-24526
First published: Tue Mar 14 2023(Updated: )
SAP NetWeaver Application Server Java for Classload Service - version 7.50, does not perform any authentication checks for functionalities that require user identity, resulting in escalation of privileges. This failure has a low impact on confidentiality of the data such that an unassigned user can read non-sensitive server data.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server Java | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security issue?
The vulnerability ID is CVE-2023-24526.
What is the severity level of CVE-2023-24526?
The severity level of CVE-2023-24526 is medium (5.3).
What does SAP NetWeaver Application Server Java for Classload Service version 7.50 vulnerability allow?
The vulnerability allows an unauthenticated user to escalate privileges.
How can I fix the SAP NetWeaver Application Server Java for Classload Service version 7.50 vulnerability?
To fix the vulnerability, update to a version of SAP NetWeaver Application Server Java that includes the necessary authentication checks.
Where can I find more information about CVE-2023-24526?
You can find more information about CVE-2023-24526 in the SAP Security Notes and SAP documentation provided in the references section.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/type
- agent/event
- vendor/sap
- canonical/sap netweaver application server java
- version/sap netweaver application server java/7.50