CVE-2023-49578 - OpenCVE

SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity of the application.

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact Low

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Sap	Cloud Connector

Configuration 1 [-]

cpe:2.3:a:sap:cloud_connector:2.0:*:*:*:*:*:*:*

References

Link	Resource
https://me.sap.com/notes/3362463	Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: sap

Published: 2023-12-12T01:08:32.245Z

Updated: 2023-12-12T01:08:32.245Z

Reserved: 2023-11-27T18:07:40.886Z

Link: CVE-2023-49578

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-12-12T02:15:07.283

Modified: 2023-12-15T14:32:38.473

Link: CVE-2023-49578

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sap:cloud_connector:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "99EB55F1-1E25-41FC-8939-6A410BF3790F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "SAP Cloud Connector - version 2.0, allows an authenticated user with low privilege to perform Denial of service attack from adjacent UI by sending a malicious request which leads to low impact on the availability and no impact on confidentiality or Integrity\u00a0 of the application.\n\n"}, {"lang": "es", "value": "SAP Cloud Connector: versi\u00f3n 2.0, permite a un usuario autenticado con privilegios bajos realizar un ataque de denegaci\u00f3n de servicio desde la interfaz de usuario adyacente mediante el env\u00edo de una solicitud maliciosa que genera un impacto bajo en la disponibilidad y ning\u00fan impacto en la confidencialidad o integridad de la aplicaci\u00f3n."}], "id": "CVE-2023-49578", "lastModified": "2023-12-15T14:32:38.473", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "LOW", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "cna@sap.com", "type": "Secondary"}]}, "published": "2023-12-12T02:15:07.283", "references": [{"source": "cna@sap.com", "tags": ["Permissions Required"], "url": "https://me.sap.com/notes/3362463"}, {"source": "cna@sap.com", "tags": ["Vendor Advisory"], "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"}], "sourceIdentifier": "cna@sap.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-400"}], "source": "cna@sap.com", "type": "Secondary"}]}