The Message Display Tool (MDT) of SAP NetWeaver Process Integration - version SAP_XIAF 7.50, does not perform authentication checks for certain functionalities that require user identity. An unauthenticated user might access technical data about the product status and its configuration. The vulnerability does not allow access to sensitive information or administrative functionalities. On successful exploitation an attacker can cause limited impact on confidentiality and availability of the application.
                
            References
                    | Link | Resource | 
|---|---|
| https://me.sap.com/notes/3343564 | Permissions Required | 
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | 
| https://me.sap.com/notes/3343564 | Permissions Required | 
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2023-07-11 03:15
Updated : 2024-11-21 08:08
NVD link : CVE-2023-35872
Mitre link : CVE-2023-35872
CVE.ORG link : CVE-2023-35872
JSON object : View
Products Affected
                sap
- netweaver_process_integration
CWE
                
                    
                        
                        CWE-306
                        
            Missing Authentication for Critical Function
