How severe is CVE-2023-41366?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2023-41366?

This is classified as CWE-497, which is a common weakness in software security.

CVE-2023-41366 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Under certain condition SAP NetWeaver Application Server ABAP - versions KERNEL 722, KERNEL 7.53, KERNEL 7.77, KERNEL 7.85, KERNEL 7.89, KERNEL 7.54, KERNEL 7.91, KERNEL 7.92, KERNEL 7.93, KERNEL 7.94, KERNEL64UC 7.22, KERNEL64UC 7.22EXT, KERNEL64UC 7.53, KERNEL64NUC 7.22, KERNEL64NUC 7.22EXT, allows an unauthenticated attacker to access the unintended data due to the lack of restrictions applied which may lead to low impact in confidentiality and no impact on the integrity and availability of the application.

Related Vulnerabilities

CVE-2019-10243

MEDIUM

CVSS:5.3(Medium)

In Eclipse Kura versions up to 4.0.0, Kura exposes the underlying Ui Web server version in its replies. This can be used as a hint by an attacker to specifically craft attacks to the web server run by...

CWE-4972019

CVE-2020-26076

MEDIUM

CVSS:5.3(Medium)

A vulnerability in Cisco IoT Field Network Director (FND) could allow an unauthenticated, remote attacker to view sensitive database information on an affected device. The vulnerability is due to the ...

CWE-4972020

CVE-2021-1234

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be aff...

CWE-4972021

CVE-2021-1535

MEDIUM

CVSS:5.3(Medium)

A vulnerability in the cluster management interface of Cisco SD-WAN vManage Software could allow an unauthenticated, remote attacker to view sensitive information on an affected system. To be affected...

CWE-4972021

CVE-2022-38710

MEDIUM

CVSS:5.3(Medium)

IBM Robotic Process Automation 21.0.1 and 21.0.2 could disclose sensitive version to an unauthorized control sphere information that could aid in further attacks against the system. IBM X-Force ID: 23...

CWE-4972022

CVE-2022-43852

MEDIUM

CVSS:5.3(Medium)

IBM Aspera Console 3.4.0 through 3.4.4 could disclose sensitive information in HTTP headers that could be used in further attacks against the system.

CWE-4972022