Vulnerabilities > CVE-2023-32113 - Unspecified vulnerability in SAP GUI for Windows

CVSS 9.3 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

sap

critical

NVD

Published: 2023-05-09

Updated: 2024-11-21

Summary

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP GUI FOR Windows 7.70 SAP GUI FOR Windows 8.0 SAP GUI FOR Windows 7.20 SAP GUI FOR Windows 7.20_Compilation_2 SAP GUI FOR Windows 7.30 SAP GUI FOR Windows 7.40_Core_Sp00-Sp011 SAP GUI FOR Windows 7.50 SAP GUI FOR Windows 7.50_Core_Sp000 SAP GUI FOR Windows 7.60	37

References

https://launchpad.support.sap.com/#/notes/3320467
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3320467
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html