CVE-2023-32112Missing Authorization in SE Vendor Master Hierarchy

CWE-862Missing Authorization3 documents3 sources
Severity
5.5MEDIUMNVD
CNA2.8
EPSS
0.1%
top 84.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
SAP SE Vendor Master HierarchySAP S4coreSAP Vendor Master Hierarchy
Timeline
PublishedMay 9
Latest updateJul 6

Description

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

NVDsap/vendor_master_hierarchy10 versions+9
CVEListV5sap_se/vendor_master_hierarchy11 versions+10
NVDsap/s4core100

🔴Vulnerability Details

2
GHSA
GHSA-5vh6-vprx-fjvm: Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP2023-07-06
CVEList
Missing Authorization Check in Vendor Master Hierarchy2023-05-09
CVE-2023-32112 — Missing Authorization | cvebase