Unrated severityNVD Advisory· Published Jun 13, 2023· Updated Jan 3, 2025

Missing Authentication in SAP Plant Connectivity and Production Connector for SAP Digital

CVE-2023-2827

Description

SAP Plant Connectivity - version 15.5 (PCo) or the Production Connector for SAP Digital Manufacturing - version 1.0, do not validate the signature of the JSON Web Token (JWT) in the HTTP request sent from SAP Digital Manufacturing. Therefore, unauthorized callers from the internal network could send service requests to PCo or the Production Connector, which could have an impact on the integrity of the integration with SAP Digital Manufacturing.

Affected products

SAP/Production Connector for SAP Digital Manufacturingllm-create
Range: = 1.0
SAP/SAP Digital Manufacturingllm-create
SAP/Plant Connectivityllm-fuzzy2 versions
<= 15.5+ 1 more
- (no CPE)range: <= 15.5
- (no CPE)range: 1.0

Patches

Vulnerability mechanics

References

launchpad.support.sap.commitre
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000