CVE-2023-26459: Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-26459

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Server Side Request Forgery (SSRF) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform

Source: NVD (National Vulnerability Database)

Vulnerability Description

Due to improper input controls In SAP NetWeaver AS for ABAP and ABAP Platform - versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791, an attacker authenticated as a non-administrative user can craft a request which will trigger the application server to send a request to an arbitrary URL which can reveal, modify or make unavailable non-sensitive information, leading to low impact on Confidentiality, Integrity and Availability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

服务端请求伪造(SSRF)

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP NetWeaver AS 代码问题漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP NetWeaver AS是德国思爱普（SAP）公司的一款SAP网络应用服务器。它不仅能提供网络服务，且还是SAP软件的基本平台。 SAP NetWeaver AS存在代码问题漏洞，该漏洞源于不正确的输入控制，攻击者利用该漏洞可以显示、修改或使非敏感信息不可用。以下产品和版本受到影响：SAP NetWeaver AS 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 791版本。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP	NetWeaver AS for ABAP and ABAP Platform	700	-

II. Public POCs for CVE-2023-26459

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-26459

Please Login to view more intelligence information

IV. Related Vulnerabilities

Same product: NetWeaver AS for ABAP and ABAP Platform

Same vendor: SAP

Same weakness: CWE-918

V. Comments for CVE-2023-26459

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

I. Basic Information for CVE-2023-26459

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-26459

III. Intelligence Information for CVE-2023-26459

IV. Related Vulnerabilities

V. Comments for CVE-2023-26459

Leave a comment