CVE-2023-2827

CVSS V2 None CVSS V3 None

Description

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.

Overview

CVE ID
CVE-2023-2827

Assigner
sap

Vulnerability Status
PUBLISHED

Published Version
2023-06-13T02:36:18.158Z

Last Modified Date
2023-06-13T02:36:18.158Z

Weakness Enumerations

CWE	URL
CWE-306	http://cwe.mitre.org/data/definitions/306.html

References

Reference URL	Reference Tags
https://launchpad.support.sap.com/#/notes/3301942
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-2827
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-2827

History

Created	Old Value	New Value	Data Type	Notes
2024-06-24 22:17:54				Added to TrackCVE