CVE-2023-28761: Missing Authentication check in SAP NetWeaver Enterprise Portal
First published: Tue Apr 11 2023(Updated: )
In SAP NetWeaver Enterprise Portal - version 7.50, an unauthenticated attacker can attach to an open interface and make use of an open API to access a service which will enable them to access or modify server settings and data, leading to limited impact on confidentiality and integrity.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Enterprise Portal | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this SAP NetWeaver Enterprise Portal vulnerability?
The vulnerability ID is CVE-2023-28761.
What is the severity rating of CVE-2023-28761?
CVE-2023-28761 has a severity rating of 6.5 (medium).
How does the vulnerability CVE-2023-28761 impact confidentiality and integrity?
The vulnerability can lead to limited impact on confidentiality and integrity.
Which version of SAP NetWeaver Enterprise Portal is affected by CVE-2023-28761?
Version 7.50 of SAP NetWeaver Enterprise Portal is affected.
Is authentication required for an attacker to exploit CVE-2023-28761?
No, an unauthenticated attacker can exploit this vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/title
- agent/author
- agent/softwarecombine
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- vendor/sap
- canonical/sap netweaver enterprise portal
- version/sap netweaver enterprise portal/7.50