SAP Patches Critical Vulnerability CVE-2023-28761
SAP has released a patch for CVE-2023-28761, a vulnerability that, if exploited, could make other, more critical vulnerabilities accessible to remote, unauthenticated attackers via HTTP. The impact of CVE-2023-28761 is low, but its potential for increased risk is higher due to its possible use in conjunction with other vulnerabilities in the P4CHAINS family.
Exploit chaining, the practice of combining vulnerabilities to achieve specific goals, is a tactic used by attackers. CVE-2023-28761, patched by SAP on April 11, 2023, is one such vulnerability that, when exploited, can make an entire group of security vulnerabilities exploitable remotely, unauthenticated, accessible via HTTP, and have heightened, critical system impacts. It's crucial to apply patches, including this one, in a timely manner to mitigate such risks. Onapsis Research Labs refers to the family of CVE(s) mentioned in this blog post as 'P4CHAINS'.
The CVSS v3 score for CVE-2023-28761 is 6.5, indicating medium criticality. However, CVSS ratings are not absolute guides, and businesses should have access to up-to-date threat data to better understand risks and prioritize workloads.
The patch for CVE-2023-28761 should be applied promptly to prevent its use in conjunction with other vulnerabilities. Businesses should stay informed about the latest threat data to effectively manage their cybersecurity risks.
Read also:
- Trump and Xi speak over the phone, according to China's confirmation.
- NVIDIA introduces Blackwell to the cloud and unveils the significant enhancement of GeForce Now at Gamescom 2025, marking a major step in cloud gaming technology.
- Strategies for Adhering to KYC/AML Regulations in India, a Leading Fintech Center (2024)
- Strategies for Poland, Ukraine, and NATO to combat unmanned Russian aerial threats.
