CVE-2023-29111

Description

The SAP AIF (ODATA service) - versions 755, 756, discloses more detailed information than is required. An authorized attacker can use the collected information possibly to exploit the component. As a result, an attacker can cause a low impact on the confidentiality of the application.

CVSS breakdown

CVSS 3.1

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SAP / Application Interface Framework (ODATA service)755 – 755
SAP / Application Interface Framework (ODATA service)756 – 756

References

MISChttps://launchpad.support.sap.com/#/notes/3117978
MISChttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html