Lucene search

[email protected]CVE-2023-32113

HistoryMay 09, 2023 - 2:15 a.m.

CVE-2023-32113

2023-05-0902:15:12

CWE-200

[email protected]

web.nvd.nist.gov

sap

gui

windows

ntlm

authentication

information disclosure

cve-2023-32113

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.

CPENameOperatorVersion
sap:gui_for_windowssap gui for windowslt7.70
sap:gui_for_windowssap gui for windowseq7.60
sap:gui_for_windowssap gui for windowseq7.50_core_sp000
sap:gui_for_windowssap gui for windowseq7.50
sap:gui_for_windowssap gui for windowseq7.20_compilation_2
sap:gui_for_windowssap gui for windowseq7.30
sap:gui_for_windowssap gui for windowseq7.40_core_sp00-sp011
sap:gui_for_windowssap gui for windowseq7.20
sap:gui_for_windowssap gui for windowseq7.70
sap:gui_for_windowssap gui for windowseq8.0

CPE	Name	Operator	Version
sap:gui_for_windows	sap gui for windows	lt	7.70
sap:gui_for_windows	sap gui for windows	eq	7.60
sap:gui_for_windows	sap gui for windows	eq	7.50_core_sp000
sap:gui_for_windows	sap gui for windows	eq	7.50
sap:gui_for_windows	sap gui for windows	eq	7.20_compilation_2
sap:gui_for_windows	sap gui for windows	eq	7.30
sap:gui_for_windows	sap gui for windows	eq	7.40_core_sp00-sp011
sap:gui_for_windows	sap gui for windows	eq	7.20
sap:gui_for_windows	sap gui for windows	eq	7.70
sap:gui_for_windows	sap gui for windows	eq	8.0

References

launchpad.support.sap.com/#/notes/3320467

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

9.3 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N

9.1 High

AI Score

Confidence

High

5.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:P/A:N

0.001 Low

EPSS

Percentile

46.9%

JSON

Related for CVE-2023-32113

prion1 cvelist1