CVE-2023-24527
First published: Tue Apr 11 2023(Updated: )
SAP NetWeaver AS Java for Deploy Service - version 7.5, does not perform any access control checks for functionalities that require user identity enabling an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access a service which will enable them to access but not modify server settings and data with no effect on availability and integrity.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver AS Java for Deploy Service | =7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP NetWeaver AS Java for Deploy Service vulnerability?
The vulnerability ID for this SAP NetWeaver AS Java for Deploy Service vulnerability is CVE-2023-24527.
What is the severity rating for CVE-2023-24527?
CVE-2023-24527 has a severity rating of medium, with a CVSS score of 5.3.
Which version of SAP NetWeaver AS Java for Deploy Service is affected by this vulnerability?
This vulnerability affects version 7.5 of SAP NetWeaver AS Java for Deploy Service.
What is the impact of the vulnerability?
The vulnerability allows an unauthenticated attacker to access a service and perform unauthorized actions.
Are there any recommendations for mitigating this vulnerability?
Yes, SAP has provided recommendations to address this vulnerability. Please refer to the references for more information.
- collector/nvd-index
- agent/author
- vendor/sap
- canonical/sap netweaver as java for deploy service
- version/sap netweaver as java for deploy service/7.5