Vulnerability-Lookup - Search a vulnerability

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2023-32112

Vulnerability from fkie_nvd - Published: 2023-05-09 02:15 - Updated: 2024-11-21 08:02

Severity ?

2.8 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Summary

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

References

URL	Tags
cna@sap.com	https://launchpad.support.sap.com/#/notes/2335198	Broken Link
cna@sap.com	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://launchpad.support.sap.com/#/notes/2335198	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Vendor Advisory

Impacted products

Vendor	Product	Version
sap	s4core	100
sap	vendor_master_hierarchy	sap_appl_500
sap	vendor_master_hierarchy	sap_appl_600
sap	vendor_master_hierarchy	sap_appl_602
sap	vendor_master_hierarchy	sap_appl_603
sap	vendor_master_hierarchy	sap_appl_604
sap	vendor_master_hierarchy	sap_appl_605
sap	vendor_master_hierarchy	sap_appl_606
sap	vendor_master_hierarchy	sap_appl_616
sap	vendor_master_hierarchy	sap_appl_617
sap	vendor_master_hierarchy	sap_appl_618

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:sap:s4core:100:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A444336-BCF2-4F87-B24E-F93E2801EE89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_500:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7E5C095-28E7-48C6-BA65-BE34C02FAF49",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_600:*:*:*:*:*:*:*",
              "matchCriteriaId": "FBA9A746-05C8-4A71-B587-2836E6FBF9D7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_602:*:*:*:*:*:*:*",
              "matchCriteriaId": "F38990D3-BF87-45E0-9550-A9BA149EB123",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_603:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D2B6ED7-1862-4B31-9C28-1A4D6340A7AB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_604:*:*:*:*:*:*:*",
              "matchCriteriaId": "7CBC0E3A-E692-47EF-9DAF-9DFF180A1333",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_605:*:*:*:*:*:*:*",
              "matchCriteriaId": "767292C8-1FFB-4927-8F93-E09CB78E6331",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_606:*:*:*:*:*:*:*",
              "matchCriteriaId": "2E06E5C6-697E-4720-A747-B9775DE72BC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_616:*:*:*:*:*:*:*",
              "matchCriteriaId": "A34591CD-23C7-4793-8529-6231DF06DF37",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_617:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7AEB0A8-2DCC-48F4-89FD-F7948FF34141",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:sap:vendor_master_hierarchy:sap_appl_618:*:*:*:*:*:*:*",
              "matchCriteriaId": "16ED5D96-A396-4AFF-9B67-C43CC8628BC5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to\u00a0access some of its function. This could lead to modification of data impacting the integrity of the system.\n\n"
    }
  ],
  "id": "CVE-2023-32112",
  "lastModified": "2024-11-21T08:02:43.980",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 2.8,
          "baseSeverity": "LOW",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.3,
        "impactScore": 1.4,
        "source": "cna@sap.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-09T02:15:12.800",
  "references": [
    {
      "source": "cna@sap.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2335198"
    },
    {
      "source": "cna@sap.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://launchpad.support.sap.com/#/notes/2335198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
    }
  ],
  "sourceIdentifier": "cna@sap.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "cna@sap.com",
      "type": "Primary"
    }
  ]
}

CVE-2023-32112 (GCVE-0-2023-32112)

Vulnerability from cvelistv5 – Published: 2023-05-09 01:42 – Updated: 2025-01-28 19:00

Summary

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

Severity ?

2.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-862 - Missing Authorization

Assigner

sap

References

URL

Tags

	https://launchpad.support.sap.com/#/notes/2335198
	https://www.sap.com/documents/2022/02/fa865ea4-16…

Impacted products

	Vendor	Product	Version
	SAP_SE	Vendor Master Hierarchy	Affected: SAP_APPL 500 Affected: SAP_APPL 600 Affected: SAP_APPL 602 Affected: SAP_APPL 603 Affected: SAP_APPL 604 Affected: SAP_APPL 605 Affected: SAP_APPL 606 Affected: SAP_APPL 616 Affected: SAP_APPL 617 Affected: SAP_APPL 618 Affected: S4CORE 100

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:03:28.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2335198"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T19:00:42.564406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T19:00:52.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vendor Master Hierarchy",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "SAP_APPL 500"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 600"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 602"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 603"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 604"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 605"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 606"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 616"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 617"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 618"
            },
            {
              "status": "affected",
              "version": "S4CORE 100"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to\u00a0access some of its function. This could lead to modification of data impacting the integrity of the system.\u003c/p\u003e"
            }
          ],
          "value": "Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to\u00a0access some of its function. This could lead to modification of data impacting the integrity of the system.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T01:46:29.784Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://launchpad.support.sap.com/#/notes/2335198"
        },
        {
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization Check in Vendor Master Hierarchy",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2023-32112",
    "datePublished": "2023-05-09T01:42:23.289Z",
    "dateReserved": "2023-05-03T14:48:13.764Z",
    "dateUpdated": "2025-01-28T19:00:52.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-32112 (GCVE-0-2023-32112)

Vulnerability from nvd – Published: 2023-05-09 01:42 – Updated: 2025-01-28 19:00

Summary

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

Severity ?

2.8 (Low)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

CWE

CWE-862 - Missing Authorization

Assigner

sap

References

URL

Tags

	https://launchpad.support.sap.com/#/notes/2335198
	https://www.sap.com/documents/2022/02/fa865ea4-16…

Impacted products

	Vendor	Product	Version
	SAP_SE	Vendor Master Hierarchy	Affected: SAP_APPL 500 Affected: SAP_APPL 600 Affected: SAP_APPL 602 Affected: SAP_APPL 603 Affected: SAP_APPL 604 Affected: SAP_APPL 605 Affected: SAP_APPL 606 Affected: SAP_APPL 616 Affected: SAP_APPL 617 Affected: SAP_APPL 618 Affected: S4CORE 100

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:03:28.988Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2335198"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32112",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-28T19:00:42.564406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-28T19:00:52.594Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Vendor Master Hierarchy",
          "vendor": "SAP_SE",
          "versions": [
            {
              "status": "affected",
              "version": "SAP_APPL 500"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 600"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 602"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 603"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 604"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 605"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 606"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 616"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 617"
            },
            {
              "status": "affected",
              "version": "SAP_APPL 618"
            },
            {
              "status": "affected",
              "version": "S4CORE 100"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eVendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to\u00a0access some of its function. This could lead to modification of data impacting the integrity of the system.\u003c/p\u003e"
            }
          ],
          "value": "Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to\u00a0access some of its function. This could lead to modification of data impacting the integrity of the system.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 2.8,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
            "version": "3.1"
          },
          "format": "CVSS",
          "scenarios": [
            {
              "lang": "en",
              "value": "GENERAL"
            }
          ]
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-862",
              "description": "CWE-862: Missing Authorization",
              "lang": "eng",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-09T01:46:29.784Z",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "url": "https://launchpad.support.sap.com/#/notes/2335198"
        },
        {
          "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "title": "Missing Authorization Check in Vendor Master Hierarchy",
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2023-32112",
    "datePublished": "2023-05-09T01:42:23.289Z",
    "dateReserved": "2023-05-03T14:48:13.764Z",
    "dateUpdated": "2025-01-28T19:00:52.594Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

3 vulnerabilities found for vendor_master_hierarchy by sap

FKIE_CVE-2023-32112

CVE-2023-32112 (GCVE-0-2023-32112)

CVE-2023-32112 (GCVE-0-2023-32112)