CVE-2023-23855

CVSS 6.5 · Medium EPSS 0.17% · P37 Updated Mar 21, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2023-23855

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to confidentiality, integrity and availability.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L

Source: NVD (National Vulnerability Database)

Vulnerability Type

指向未可信站点的URL重定向(开放重定向)

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP Solution Manager 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP Solution Manager是德国思爱普（SAP）公司的一套集系统监控、SAP支持桌面、自助服务、ASAP实施等多个功能为一体的系统管理平台。该平台可以帮助客户建立SAP解决方案的生命周期管理，并提供系统监控、远程支持服务和SAP产品组件升级等功能。 SAP Solution Manager 720版本存在输入验证错误漏洞，该漏洞源于对URL验证不充分。攻击者利用该漏洞将用户重定向到恶意站点，从而读取或修改信息或使用户遭受网络钓鱼攻击。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP	Solution Manager	720	-

II. Public POCs for CVE-2023-23855

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2023-23855

请登录查看更多情报信息。

Same Patch Batch · SAP · 2023-02-14 · 18 CVEs total

CVE-2023-24523	8.8 HIGH	SAP Host Agent 安全漏洞
CVE-2023-24530	8.4 HIGH	SAP BusinessObjects Business Intelligence Platform 代码问题漏洞
CVE-2023-0025	6.5 MEDIUM	SAP Solution Manager 跨站脚本漏洞
CVE-2023-0024	6.5 MEDIUM	SAP Solution Manager 跨站脚本漏洞
CVE-2023-24528	6.5 MEDIUM	SAP ERP 安全漏洞
CVE-2023-24524	6.5 MEDIUM	SAP S/4 HANA 安全漏洞
CVE-2023-25614	6.1 MEDIUM	SAP NetWeaver AS 跨站脚本漏洞
CVE-2023-24529	6.1 MEDIUM	BSP 跨站脚本漏洞
CVE-2023-24522	6.1 MEDIUM	SAP NetWeaver AS 跨站脚本漏洞
CVE-2023-24521	6.1 MEDIUM	SAP NetWeaver AS 跨站脚本漏洞
CVE-2023-23860	6.1 MEDIUM	SAP NetWeaver AS 输入验证错误漏洞
CVE-2023-23859	6.1 MEDIUM	SAP NetWeaver AS 跨站脚本漏洞
CVE-2023-23853	6.1 MEDIUM	SAP NetWeaver Application Server 输入验证错误漏洞
CVE-2023-23852	6.1 MEDIUM	SAP Solution Manager 跨站脚本漏洞
CVE-2023-23851	5.4 MEDIUM	SAP Business Planning and Consolidation 代码问题漏洞
CVE-2023-24525	4.3 MEDIUM	SAP CRM 跨站脚本漏洞
CVE-2023-23854	3.8 LOW	SAP NetWeaver Application Server 安全漏洞

IV. Related Vulnerabilities

Same product: Solution Manager

CVE-2023-23852
SAP Solution Manager 跨站脚本漏洞

Same vendor: SAP

Same weakness: CWE-601

V. Comments for CVE-2023-23855

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2023-23855

I. Basic Information for CVE-2023-23855

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2023-23855

III. Intelligence Information for CVE-2023-23855

Same Patch Batch · SAP · 2023-02-14 · 18 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2023-23855

Leave a comment