CVE-2023-27897
MEDIUM severity · CVSS 6 · Code injection
6CVSS MEDIUM
Summary
In SAP CRM - versions 700, 701, 702, 712, 713, an attacker who is authenticated with a non-administrative role and a common remote execution authorization can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can can have limited impact on confidentiality and integrity of non-critical user or application data and application availability.
Impact & exploitability
Attack vectorNetwork
Attack complexityHigh
Privileges requiredLow
User interactionNone
Confidentiality impactLow
Integrity impactLow
Availability impactLow
Exploit probability (EPSS)1%
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.