5.5
CVE-2023-32112
- EPSS 0.04%
- Published 09.05.2023 02:15:12
- Last modified 21.11.2024 08:02:43
- Source cna@sap.com
- Teams watchlist Login
- Open Login
Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Vendor Master Hierarchy Versionsap_appl_500
SAP ≫ Vendor Master Hierarchy Versionsap_appl_600
SAP ≫ Vendor Master Hierarchy Versionsap_appl_602
SAP ≫ Vendor Master Hierarchy Versionsap_appl_603
SAP ≫ Vendor Master Hierarchy Versionsap_appl_604
SAP ≫ Vendor Master Hierarchy Versionsap_appl_605
SAP ≫ Vendor Master Hierarchy Versionsap_appl_606
SAP ≫ Vendor Master Hierarchy Versionsap_appl_616
SAP ≫ Vendor Master Hierarchy Versionsap_appl_617
SAP ≫ Vendor Master Hierarchy Versionsap_appl_618
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.04% | 0.126 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.5 | 1.8 | 3.6 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
|
| cna@sap.com | 2.8 | 1.3 | 1.4 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.