CVE-2023-32112 Missing Authorization Check in Vendor Master Hierarchy

🗓️ 09 May 2023 01:42:23Reported by sapType

Authorization check vulnerability in SAP_APPL and S4CORE versions

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2023-32112	9 May 202307:43	–	circl
CNNVD	SAP Vendor Master Hierarchy 安全漏洞	9 May 202300:00	–	cnnvd
CVE	CVE-2023-32112	9 May 202301:42	–	cve
EUVD	EUVD-2023-36380	3 Oct 202520:07	–	euvd
NVD	CVE-2023-32112	9 May 202302:15	–	nvd
Prion	Authorization	9 May 202302:15	–	prion
Positive Technologies	PT-2023-23621 · Sap · S4Core +1	9 May 202300:00	–	ptsecurity
RedhatCVE	CVE-2023-32112	23 May 202505:10	–	redhatcve
Vulnrichment	CVE-2023-32112 Missing Authorization Check in Vendor Master Hierarchy	9 May 202301:42	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "Vendor Master Hierarchy",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "SAP_APPL 500"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 600"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 602"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 603"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 604"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 605"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 606"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 616"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 617"
      },
      {
        "status": "affected",
        "version": "SAP_APPL 618"
      },
      {
        "status": "affected",
        "version": "S4CORE 100"
      }
    ]
  }
]

Source	Link
sap	www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
launchpad	www.launchpad.support.sap.com/

09 May 2023 01:46Current

5.7Medium risk

Vulners AI Score5.7

CVSS 3.12.8

EPSS0.00107

CWE-862