CVE-2023-32115

Summary

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

Affected Software

VendorProductVersion RangeStatus
SAP_SEMaster Data Synchronization (MDS COMPARE TOOL)SAP_APPL 600affected
SAP_SEMaster Data Synchronization (MDS COMPARE TOOL)SAP_APPL 602affected
SAP_SEMaster Data Synchronization (MDS COMPARE TOOL)SAP_APPL 603affected
SAP_SEMaster Data Synchronization (MDS COMPARE TOOL)SAP_APPL 604affected
SAP_SEMaster Data Synchronization (MDS COMPARE TOOL)SAP_APPL 605affected
SAP_SEMaster Data Synchronization (MDS COMPARE TOOL)SAP_APPL 606affected
SAP_SEMaster Data Synchronization (MDS COMPARE TOOL)SAP_APPL 616affected

Weaknesses

  • CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References