CVE-2023-26461
Last modified
CVE-2023-26461 is a medium-severity vulnerability rated 4.9/10 on the CVSS scale. SAP NetWeaver (SAP Enterprise Portal), version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser and submit a crafted XML file which, when parsed, enables them to access but not modify sensitive files and data. The attacker can view sensitive data which is owned by certain privileges. EPSS estimates a 0.52% chance of exploitation in the next 30 days.
Description
SAP NetWeaver (SAP Enterprise Portal), version 7.50, allows an authenticated attacker with sufficient privileges to access the XML parser and submit a crafted XML file which, when parsed, enables them to access but not modify sensitive files and data. The attacker can view sensitive data which is owned by certain privileges.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| SAP | NetWeaver Enterprise Portal | 7.50 |
References
- https://launchpad.support.sap.com/#/notes/3284550 (Permissions Required)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
