Auth bypass in Sap S4core

CVE-2023-32112

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for…

Vulnerability class: Broken Access Control

EPSS: 0.001 (4.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 2.8 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-32112?
CVE-2023-32112 is a low-severity vulnerability in Sap S4core, classified under Missing Authorization. CVSS score: 2.8/10. Published 2023-05-09.
How severe is CVE-2023-32112?
Low severity. CVSS v3 base score is 2.8 out of 10.