CVE-2023-49587: Command Injection vulnerability in SAP Solution Manager
First published: Tue Dec 12 2023(Updated: )
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Solution Manager | =720 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-49587?
CVE-2023-49587 is classified as a critical vulnerability due to the potential for unauthorized data access and modification.
How do I fix CVE-2023-49587?
To mitigate CVE-2023-49587, apply the latest security patches provided by SAP for Solution Manager version 720.
Who is affected by CVE-2023-49587?
CVE-2023-49587 affects users of SAP Solution Manager version 720.
What types of attacks can CVE-2023-49587 enable?
CVE-2023-49587 can enable attacks that allow unauthorized reading or modification of data across components without user interaction.
Is user authorization sufficient to mitigate CVE-2023-49587?
No, user authorization is not sufficient as CVE-2023-49587 allows authorized attackers to exploit deprecated function modules.
- agent/references
- agent/type
- agent/event
- agent/softwarecombine
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- agent/title
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/sap
- canonical/sap netweaver solution manager
- version/sap netweaver solution manager/720