Auth bypass in SAP S4CORE
CVE-2023-32112
Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for…
Vulnerability class: Broken Access Control
EPSS: 0.001 (4.5th percentile)
CVSS v3 metric
CVSS v3 base score 2.8 (Low). Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N.
Affected products
- SAP S4CORE — versions 100
- SAP Vendor_master_hierarchy — versions sap_appl_500, sap_appl_600, sap_appl_602
- Sap_se Vendor Master Hierarchy — versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2023-32112?
- CVE-2023-32112 is a low-severity vulnerability in SAP S4CORE, classified under Missing Authorization. CVSS score: 2.8/10. Published 2023-05-09.
- How severe is CVE-2023-32112?
- Low severity. CVSS v3 base score is 2.8 out of 10.