CVE-2023-49581— SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-49581
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
SQL Injection vulnerability in SAP NetWeaver Application Server ABAP and ABAP Platform
Source: NVD (National Vulnerability Database)
Vulnerability Description
SAP GUI for Windows and SAP GUI for Java allow an unauthenticated attacker to access information which would otherwise be restricted and confidential. In addition, this vulnerability allows the unauthenticated attacker to write data to a database table. By doing so the attacker could increase response times of the AS ABAP, leading to mild impact on availability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
Source: NVD (National Vulnerability Database)
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP GUI 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP GUI是德国思爱普(SAP)公司的一个应用软件。SAP系统的图形用户界面。 SAP GUI存在信息泄露漏洞,该漏洞源于允许未经身份验证的攻击者访问内部信息。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP_SE | SAP NetWeaver Application Server ABAP and ABAP Platform | SAP_BASIS 700 | - |
II. Public POCs for CVE-2023-49581
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-49581
请登录查看更多情报信息。
Same Patch Batch · SAP_SE · 2023-12-12 · 16 CVEs total
| CVE-2023-49583 | 9.1 CRITICAL | Escalation of Privileges in SAP BTP Security Services Integration Library ([Node.js] @sap/ |
| CVE-2023-50422 | 9.1 CRITICAL | Escalation of Privileges in SAP BTP Security Services Integration Library ([Java] cloud-se |
| CVE-2023-50423 | 9.1 CRITICAL | Escalation of Privileges in SAP BTP Security Services Integration Library ([Python] cloud- |
| CVE-2023-50424 | 9.1 CRITICAL | Escalation of Privileges in SAP BTP Security Services Integration Library ([Golang] github |
| CVE-2023-42481 | 8.1 HIGH | Improper Access Control vulnerability in SAP Commerce Cloud |
| CVE-2023-42478 | 7.5 HIGH | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Plat |
| CVE-2023-49580 | 7.3 HIGH | Information disclosure in SAP GUI for Windows and SAP GUI for Java |
| CVE-2023-6542 | 7.1 HIGH | Improper Export of Android Application Components in SAP EMARSYS SDK ANDROID |
| CVE-2023-42476 | 6.8 MEDIUM | Cross Site Scripting vulnerability in SAP BusinessObjects Web Intelligence |
| CVE-2023-49587 | 6.4 MEDIUM | Command Injection vulnerability in SAP Solution Manager |
| CVE-2023-42479 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP Biller Direct |
| CVE-2023-49577 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in the SAP HCM (SMART PAYE solution) |
| CVE-2023-49584 | 4.3 MEDIUM | Client-Side Desynchronization vulnerability in SAP Fiori Launchpad |
| CVE-2023-49058 | 3.5 LOW | Directory Traversal vulnerability in SAP Master Data Governance |
| CVE-2023-49578 | 3.5 LOW | Denial of service (DOS) in SAP Cloud Connector |
IV. Related Vulnerabilities
Same product: SAP NetWeaver Application Server ABAP and ABAP Platform
- CVE-2026-0509
Missing Authorization check in SAP NetWeaver Application Ser - CVE-2026-0506
Missing Authorization check in SAP NetWeaver Application Ser - CVE-2025-42969
Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver Ap - CVE-2025-31329
Information Disclosure vulnerability in SAP NetWeaver Applic - CVE-2024-41734
Missing Authorization check in SAP NetWeaver Application Ser
Same vendor: SAP_SE
- CVE-2026-34264
Information Disclosure vulnerability in SAP Human Capital Ma - CVE-2026-34262
Information Disclosure Vulnerability in SAP HANA Cockpit and - CVE-2026-34261
Missing Authorization check in SAP Business Analytics and SA - CVE-2026-34257
Open Redirect vulnerability in SAP NetWeaver Application Ser - CVE-2026-34256
Missing Authorization check in SAP ERP and SAP S/4 HANA (Pri
Same weakness: CWE-89
- CVE-2021-47941
WordPress Plugin Survey & Poll 1.5.7.3 SQL Injection via sss - CVE-2021-47930
Balbooa Joomla Forms Builder 2.0.6 SQL Injection Unauthentic - CVE-2021-47928
Opencart TMD Vendor System 3.x Blind SQL Injection via produ - CVE-2026-8231
CodeAstro Online Catering Ordering System deleteorder.php sq - CVE-2025-14179
SQL injection in pdo_firebird via NUL bytes in quoted string
V. Comments for CVE-2023-49581
No comments yet