First published: Tue Mar 14 2023(Updated: )
Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.
Credit: cna@sap.com
Affected Software | Affected Version | How to fix |
---|---|---|
SAP NetWeaver Application Server ABAP | =700 | |
SAP NetWeaver Application Server ABAP | =701 | |
SAP NetWeaver Application Server ABAP | =702 | |
SAP NetWeaver Application Server ABAP | =731 | |
SAP NetWeaver Application Server ABAP | =740 | |
SAP NetWeaver Application Server ABAP | =750 | |
SAP NetWeaver Application Server ABAP | =751 | |
SAP NetWeaver Application Server ABAP | =752 | |
SAP NetWeaver Application Server ABAP | =753 | |
SAP NetWeaver Application Server ABAP | =754 | |
SAP NetWeaver Application Server ABAP | =755 | |
SAP NetWeaver Application Server ABAP | =756 | |
SAP NetWeaver Application Server ABAP | =757 | |
SAP NetWeaver Application Server ABAP | =791 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The severity of CVE-2023-26459 is high with a severity value of 7.4.
An attacker authenticated as a non-administrative user can exploit CVE-2023-26459 by crafting a request to trigger the application server.
The versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, and 791 of SAP NetWeaver AS for ABAP and ABAP Platform are affected by CVE-2023-26459.
To fix CVE-2023-26459, it is recommended to apply the necessary patches provided by SAP.
You can find more information about CVE-2023-26459 in the SAP Note 3296346 and the SAP document.