CVE-2023-0019 MEDIUM

CVE-2023-0019

Vendor Sap_Se

Product SAP GRC (Process Control)

Weakness CWE-862 · Missing authorization

Published February 14, 2023

Last update March 20, 2025

View on NVD All CVEs

CVSS base score

6.5/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality High

Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.

Key dates

02Disclosure timeline

February 14, 2023 CVE published

March 20, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2023-0019 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/862.html

Related vulnerabilities

Identifiers

CVE CVE-2023-0019

CWE CWE-862

CVSS 6.5 / MEDIUM

Affected versions

Vendor Sap_Se

Product SAP GRC (Process Control)

Affected V1200

Vendor Sap_Se

Product SAP GRC (Process Control)

Affected V8100

Vendor Sap_Se

Product SAP GRC (Process Control)

Affected V1100_700

Vendor Sap_Se

Product SAP GRC (Process Control)

Affected V1100_731

Vendor Sap_Se

Product SAP GRC (Process Control)

Affected V1200_750

CVE-2023-0019

01Description

02Disclosure timeline

03References

04Related CVE