CVE-2023-32115
Vulnerability from cvelistv5
Published
2023-06-13 02:42
Modified
2024-08-02 15:03
Severity ?
EPSS score ?
Summary
SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cna@sap.com | https://launchpad.support.sap.com/#/notes/1794761 | Permissions Required | |
| cna@sap.com | https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | Vendor Advisory |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/1794761"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Master Data Synchronization (MDS COMPARE TOOL)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 600"
},
{
"status": "affected",
"version": "SAP_APPL 602"
},
{
"status": "affected",
"version": "SAP_APPL 603"
},
{
"status": "affected",
"version": "SAP_APPL 604"
},
{
"status": "affected",
"version": "SAP_APPL 605"
},
{
"status": "affected",
"version": "SAP_APPL 606"
},
{
"status": "affected",
"version": "SAP_APPL 616"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.\u003c/p\u003e"
}
],
"value": "An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T02:42:28.223Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/1794761"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-32115",
"datePublished": "2023-06-13T02:42:28.223Z",
"dateReserved": "2023-05-03T14:48:13.764Z",
"dateUpdated": "2024-08-02T15:03:29.236Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2023-32115\",\"sourceIdentifier\":\"cna@sap.com\",\"published\":\"2023-06-13T03:15:09.473\",\"lastModified\":\"2023-06-26T13:55:12.110\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":6.1,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":4.2},{\"source\":\"cna@sap.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.1,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"cna@sap.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-89\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:master_data_synchronization:600:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"164BE6C3-871C-49C1-8CCD-FD2659F4C6EF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:master_data_synchronization:602:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEF40ABC-A7D1-408C-A281-DEA0BC688291\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:master_data_synchronization:603:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85319F2E-8910-46EB-B6EE-FFF2425EE076\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:master_data_synchronization:604:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"195E9910-DFA1-44A9-86E2-B389B442CFE1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:master_data_synchronization:605:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EC29B5FE-7642-4775-A74F-43B2E6A3F114\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:master_data_synchronization:606:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95441179-BD7B-4E68-AB77-BC9739D28BE3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:sap:master_data_synchronization:616:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"25F1FC67-7AA7-4E93-8A55-9C25CD7A051D\"}]}]}],\"references\":[{\"url\":\"https://launchpad.support.sap.com/#/notes/1794761\",\"source\":\"cna@sap.com\",\"tags\":[\"Permissions Required\"]},{\"url\":\"https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\",\"source\":\"cna@sap.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.