Design/Logic Flaw

2023-02-1404:15:00

PRIOn knowledge base

www.prio-n.com

sap grc

remote function module

unauthorized access

confidential data

database vulnerability

6.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

27.8%

JSON

In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.

CPENameOperatorVersion
grc_process_controleq8100.0.118
grc_process_controleqv1100-700
grc_process_controleqv1100-731
grc_process_controleqv1200-750
grc_process_controleq1200.0.118

Name	Operator	Version
grc_process_control	eq	8100.0.118
grc_process_control	eq	v1100-700
grc_process_control	eq	v1100-731
grc_process_control	eq	v1200-750
grc_process_control	eq	1200.0.118