Vulnerabilities > CVE-2023-32112 - Missing Authorization vulnerability in SAP S4Core and Vendor Master Hierarchy

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

local

low complexity

sap

CWE-862

NVD

Published: 2023-05-09

Updated: 2023-05-15

Summary

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP S4Core 100 SAP Vendor Master Hierarchy Sap_Appl_500 SAP Vendor Master Hierarchy Sap_Appl_600 SAP Vendor Master Hierarchy Sap_Appl_602 SAP Vendor Master Hierarchy Sap_Appl_603 SAP Vendor Master Hierarchy Sap_Appl_604 SAP Vendor Master Hierarchy Sap_Appl_605 SAP Vendor Master Hierarchy Sap_Appl_606 SAP Vendor Master Hierarchy Sap_Appl_616 SAP Vendor Master Hierarchy Sap_Appl_617 SAP Vendor Master Hierarchy Sap_Appl_618	11

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References