CVE-2023-42480: Information Disclosure in NetWeaver AS Java Logon
First published: Tue Nov 14 2023(Updated: )
The unauthenticated attacker in NetWeaver AS Java Logon application - version 7.50, can brute force the login functionality to identify the legitimate user ids. This will have an impact on confidentiality but there is no other impact on integrity or availability.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server Java | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2023-42480.
What is the title of the vulnerability?
The title of the vulnerability is Information Disclosure in NetWeaver AS Java Logon.
What is the impact of this vulnerability?
This vulnerability has an impact on confidentiality but there is no other impact on integrity or availability.
What is the affected software?
The affected software is SAP NetWeaver Application Server Java version 7.50.
What is the severity of this vulnerability?
The severity of this vulnerability is medium (CVSS score: 5.3).
How can an attacker exploit this vulnerability?
An unauthenticated attacker can brute force the login functionality of NetWeaver AS Java Logon application version 7.50 to identify legitimate user IDs.
Is there a fix for this vulnerability?
Yes, please refer to the official SAP notes and documentation for the recommended fix.
- collector/mitre-cve
- collector/nvd-api
- vendor/sap
- canonical/sap netweaver application server java
- version/sap netweaver application server java/7.50