How severe is CVE-2023-23857?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.6 out of 10.

What type of vulnerability is CVE-2023-23857?

This is classified as CWE-287, which is a common weakness in software security.

CVE-2023-23857 - HIGH Severity | CVSS 8.6

Vulnerability Description

Due to missing authentication check, SAP NetWeaver AS for Java - version 7.50, allows an unauthenticated attacker to attach to an open interface and make use of an open naming and directory API to access services which can be used to perform unauthorized operations affecting users and services across systems. On a successful exploitation, the attacker can read and modify some sensitive information but can also be used to lock up any element or operation of the system making that it unresponsive or unavailable.

Related Vulnerabilities

CVE-2017-6062

HIGH

CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.5 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "OIDC...

CWE-2872017

CVE-2017-6413

HIGH

CVSS:8.6(High)

The "OpenID Connect Relying Party and OAuth 2.0 Resource Server" (aka mod_auth_openidc) module before 2.1.6 for the Apache HTTP Server does not skip OIDC_CLAIM_ and OIDCAuthNHeader headers in an "Auth...

CWE-2872017

CVE-2018-2449

HIGH

CVSS:8.6(High)

SAP SRM MDM Catalog versions 3.73, 7.31, 7.32 in (SAP NetWeaver 7.3) - import functionality does not perform authentication checks for valid repository user. This is an unauthenticated functionality t...

CWE-2872018

CVE-2019-3654

HIGH

CVSS:8.6(High)

Authentication Bypass vulnerability in the Microsoft Windows client in McAfee Client Proxy (MCP) prior to 3.0.0 allows local user to bypass scanning of web traffic and gain access to blocked sites for...

CWE-2872019

CVE-2019-6521

HIGH

CVSS:8.6(High)

WebAccess/SCADA, Version 8.3. Specially crafted requests could allow a possible authentication bypass that could allow an attacker to obtain and manipulate sensitive information.

CWE-2872019

CVE-2020-3944

HIGH

CVSS:8.6(High)

vRealize Operations for Horizon Adapter (6.7.x prior to 6.7.1 and 6.6.x prior to 6.6.1) has an improper trust store configuration leading to authentication bypass. An unauthenticated remote attacker w...

CWE-2872020