9.3
CVE-2023-32113
- EPSS 0.18%
- Published 09.05.2023 02:15:12
- Last modified 21.11.2024 08:02:44
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Gui For Windows Version < 7.70
SAP ≫ Gui For Windows Version7.70 Update-
SAP ≫ Gui For Windows Version7.70 Updatepatch_level1
SAP ≫ Gui For Windows Version7.70 Updatepatch_level10
SAP ≫ Gui For Windows Version7.70 Updatepatch_level11
SAP ≫ Gui For Windows Version7.70 Updatepatch_level2
SAP ≫ Gui For Windows Version7.70 Updatepatch_level3
SAP ≫ Gui For Windows Version7.70 Updatepatch_level4
SAP ≫ Gui For Windows Version7.70 Updatepatch_level5
SAP ≫ Gui For Windows Version7.70 Updatepatch_level6
SAP ≫ Gui For Windows Version7.70 Updatepatch_level7
SAP ≫ Gui For Windows Version7.70 Updatepatch_level8
SAP ≫ Gui For Windows Version7.70 Updatepatch_level9
SAP ≫ Gui For Windows Version8.0 Update-
SAP ≫ Gui For Windows Version8.0 Updatepatch_level1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.407 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 9.3 | 2.8 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N
|
| cna@sap.com | 7.5 | 1.2 | 5.8 |
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.