← Back

CVE-2023-32112

nvd nist
Published: May 9, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 1.8 / Impact: 3.6
Source: NVD

Description

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

Affected (11)

Sap
2 products
S4core
Vendor Master Hierarchy
Configuration A
11 vulnerable
Vulnerable SoftwareAffected Versions
S4core
Version 100
Sap
Vendor Master Hierarchy
Version sap_appl_500
Vendor Master Hierarchy
Version sap_appl_600
Vendor Master Hierarchy
Version sap_appl_602
Vendor Master Hierarchy
Version sap_appl_603
Vendor Master Hierarchy
Version sap_appl_604
Vendor Master Hierarchy
Version sap_appl_605
Vendor Master Hierarchy
Version sap_appl_606
Vendor Master Hierarchy
Version sap_appl_616
Vendor Master Hierarchy
Version sap_appl_617
Vendor Master Hierarchy
Version sap_appl_618

Related CWEs

CWE-862
Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

References (4)

Source: cna@sap.com
Broken Link
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken Link
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.