Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Missing Authentication check in SAP NetWeaver (Guided Procedures)
Vulnerability Description
Due to missing authentication check in webdynpro application, an unauthorized user in SAP NetWeaver (Guided Procedures) - version 7.50, can gain access to admin view of specific function anonymously. On successful exploitation of vulnerability under specific circumstances, attacker can view user’s email address. There is no integrity/availability impact.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
SAP NetWeaver 访问控制错误漏洞
Vulnerability Description
SAP NetWeaver是德国思爱普(SAP)公司的一套面向服务的集成化应用平台。该平台主要为SAP应用程序提供开发和运行环境。 SAP NetWeaver 7.50版本存在访问控制错误漏洞,该漏洞源于webdynpro应用程序中缺少身份验证检查,导致未经授权的攻击者可以匿名访问特定功能的管理员视图。
CVSS Information
N/A
Vulnerability Type
N/A