CVE-2023-30744
Last modified
CVE-2023-30744 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability. . EPSS estimates a 0.62% chance of exploitation in the next 30 days.
Description
In SAP AS NetWeaver JAVA - versions SERVERCORE 7.50, J2EE-FRMW 7.50, CORE-TOOLS 7.50, an unauthenticated attacker can attach to an open interface and make use of an open naming and directory API to instantiate an object which has methods which can be called without further authorization and authentication. A subsequent call to one of these methods can read or change the state of existing services without any effect on availability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Application Server For Java | 7.50 |
References
- https://launchpad.support.sap.com/#/notes/3317453Permissions Required
- https://launchpad.support.sap.com/#/notes/3317453Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-30744?
How severe is CVE-2023-30744?
How do I fix CVE-2023-30744?
Are you affected by CVE-2023-30744?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST