Published: 14/03/2023 Updated: 11/04/2023

CVSS v3 Base Score: 8.6 | Impact Score: 4.7 | Exploitability Score: 3.9

VMScore: 0

Subscribe to Netweaver Application Server For Java

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated malicious user to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap netweaver application server for java 7.50

Crims exploit Microsoft, Fortinet flaws before any patches exist

The Register

Topics Security Off-Prem On-Prem Software Offbeat Special Features Vendor Voice Vendor Voice Resources The outlook is grim for Outlook - and SAP, Adobe. Android, and Chrome - so get ready for a long update party

Patch Tuesday Microsoft's March Patch Tuesday includes new fixes for 74 bugs, two of which are already being actively exploited, and nine that are rated critical. Let's start with the two that miscreants found before Redmond issued a fix. First up: prioritize patching CVE-2023-23397, a privilege elevation bug in Microsoft Outlook that received a 9.8 out of 10 CVSS rating. While details of the hole haven't been publicly disclosed, it has already been exploited in the wild, and Microsoft lists its...

CVE-2023-23857

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect