CVE-2023-32113

Summary

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP GUI for Windows<= 7.70affected
SAP_SESAP GUI for Windows7.70 PL0 <= 7.70 PL11affected
SAP_SESAP GUI for Windows8.00 PL0 <= 8.00 PL1affected

Weaknesses

  • CWE-200: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References