SapCVELIST:CVE-2023-0019CVE-2023-0019
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.8%
In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.
CNA Affected
[
{
"defaultStatus": "unaffected",
"product": "SAP GRC (Process Control)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "V1200"
},
{
"status": "affected",
"version": "V8100"
},
{
"status": "affected",
"version": "V1100_700"
},
{
"status": "affected",
"version": "V1100_731"
},
{
"status": "affected",
"version": "V1200_750"
}
]
}
]Related
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
6.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
27.8%