CVE-2023-23853: 
SAP NetWeaver Application Server ABAP vulnerability analysis and mitigation

CVE-2023-23853 is a security vulnerability affecting SAP NetWeaver Application Server for ABAP and ABAP Platform across multiple versions (700, 702, 731, 740, 750, 751, 752, 753, 754, 755, 756, 757, 789, 790). The vulnerability was disclosed in February 2023 and allows an unauthenticated attacker to craft malicious links that can redirect unsuspecting users to malicious sites (NVD).

The vulnerability is classified with a CVSS v3.1 Base Score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges, but does require user interaction. The vulnerability is categorized as CWE-601 (URL Redirection to Untrusted Site) (AttackerKB).

When exploited, the vulnerability can lead to the reading or modification of sensitive information and potentially expose victims to phishing attacks. The vulnerability has no direct impact on system availability but affects both confidentiality and integrity at a low level (NVD).

SAP has released security notes and patches for this vulnerability. Organizations running affected versions of SAP NetWeaver Application Server for ABAP and ABAP Platform should review and apply the appropriate updates as detailed in SAP Security Note 3271227 (SAP Note).