CVE-2023-0023 MEDIUM

CVE-2023-0023: Information Disclosure in SAP Bank Account Management (Manage Banks)

Vendor Sap
Product Bank Account Management (Manage Banks)
Weakness CWE-200 · Info exposure
Published January 10, 2023
Last update April 9, 2025
View on NVD All CVEs

CVSS base score

4.5/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application.

Key dates

02Disclosure timeline

January 10, 2023 CVE published
April 9, 2025 Record updated