CVE-2023-32112 LOW

CVE-2023-32112: Missing Authorization Check in Vendor Master Hierarchy

Vendor Sap_Se
Product Vendor Master Hierarchy
Weakness CWE-862 · Missing authorization
Published May 9, 2023
Last update January 28, 2025

CVSS base score

2.8/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality None
Integrity Low

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

What the vulnerability does

01Description

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

Key dates

02Disclosure timeline

May 9, 2023 CVE published
January 28, 2025 Record updated