Lucene search

[email protected]CVE-2023-32115

HistoryJun 13, 2023 - 3:15 a.m.

CVE-2023-32115

2023-06-1303:15:09

CWE-89

[email protected]

web.nvd.nist.gov

cve-2023-32115

mds compare tool

database commands

security vulnerability

data modification

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

Affected configurations

NVD

Node

sapmaster_data_synchronizationMatch600

sapmaster_data_synchronizationMatch602

sapmaster_data_synchronizationMatch603

sapmaster_data_synchronizationMatch604

sapmaster_data_synchronizationMatch605

sapmaster_data_synchronizationMatch606

sapmaster_data_synchronizationMatch616

CPENameOperatorVersion
sap:master_data_synchronizationsap master data synchronizationeq600
sap:master_data_synchronizationsap master data synchronizationeq602
sap:master_data_synchronizationsap master data synchronizationeq603
sap:master_data_synchronizationsap master data synchronizationeq604
sap:master_data_synchronizationsap master data synchronizationeq605
sap:master_data_synchronizationsap master data synchronizationeq606
sap:master_data_synchronizationsap master data synchronizationeq616

CPE	Name	Operator	Version
sap:master_data_synchronization	sap master data synchronization	eq	600
sap:master_data_synchronization	sap master data synchronization	eq	602
sap:master_data_synchronization	sap master data synchronization	eq	603
sap:master_data_synchronization	sap master data synchronization	eq	604
sap:master_data_synchronization	sap master data synchronization	eq	605
sap:master_data_synchronization	sap master data synchronization	eq	606
sap:master_data_synchronization	sap master data synchronization	eq	616

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Master Data Synchronization (MDS COMPARE TOOL)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_APPL 600"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 602"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 603"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 604"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 605"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 606"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 616"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/1794761

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.1 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

6 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVE-2023-32115

nvd1 prion1 cvelist1