发布日期：2023-02-13
更新日期：2023-04-21

受影响系统：

SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 790
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 789
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 757
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 756
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 755
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 754
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 753
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 752
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 751
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 750
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 740
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 731
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 702
SAP SAP NetWeaver Application Server for ABAP and ABAP Platform 700

描述：

---

CVE(CAN) ID: CVE-2023-23853

SAP NetWeaver Application Server是德国思爱普（SAP）公司的一款应用程序服务器。
SAP NetWeaver Application Server for ABAP and ABAP Platform 700、702、731、740、750、751、752、753、754、755、756、757、789和790版本存在开放重定向漏洞，未经身份认证的攻击者可利用该漏洞通过制作链接将用户重定向至恶意站点，从而读取和修改敏感信息或使用户遭受网络钓鱼攻击。

<*链接：https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
*>

建议：

---

厂商补丁：

SAP
---
SAP已经为此发布了一个安全公告（2023-01-10）以及相应补丁:
2023-01-10：SAP Security Patch Day – April 2023
链接：https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

浏览次数：376
严重程度：0（网友投票）