CVE-2023-32112

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://launchpad.support.sap.com/#/notes/2335198	Broken Link
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:s4core:100:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_500:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_600:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_602:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_603:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_604:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_605:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_606:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_616:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_617:::::::*
	cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_618:::::::*

History

No history.

Information

Published : 2023-05-09 02:15

Updated : 2024-02-28 20:13

NVD link : CVE-2023-32112

Mitre link : CVE-2023-32112

CVE.ORG link : CVE-2023-32112

JSON object : View

Products Affected

sap

s4core
vendor_master_hierarchy

CWE

CWE-862

Missing Authorization

{"id": "CVE-2023-32112", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.8, "attackVector": "LOCAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 1.3}]}, "published": "2023-05-09T02:15:12.800", "references": [{"url": "https://launchpad.support.sap.com/#/notes/2335198", "tags": ["Broken Link"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to\u00a0access some of its function. This could lead to modification of data impacting the integrity of the system.\n\n"}], "lastModified": "2023-05-15T17:23:48.290", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:s4core:100:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A444336-BCF2-4F87-B24E-F93E2801EE89"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_500:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7E5C095-28E7-48C6-BA65-BE34C02FAF49"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_600:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBA9A746-05C8-4A71-B587-2836E6FBF9D7"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_602:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38990D3-BF87-45E0-9550-A9BA149EB123"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_603:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D2B6ED7-1862-4B31-9C28-1A4D6340A7AB"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_604:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CBC0E3A-E692-47EF-9DAF-9DFF180A1333"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_605:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "767292C8-1FFB-4927-8F93-E09CB78E6331"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2E06E5C6-697E-4720-A747-B9775DE72BC7"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_616:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A34591CD-23C7-4793-8529-6231DF06DF37"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_617:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E7AEB0A8-2DCC-48F4-89FD-F7948FF34141"}, {"criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_618:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16ED5D96-A396-4AFF-9B67-C43CC8628BC5"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}