CVE-2023-32115
4.2
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
Summary
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) | SAP_APPL 600 | affected |
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) | SAP_APPL 602 | affected |
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) | SAP_APPL 603 | affected |
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) | SAP_APPL 604 | affected |
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) | SAP_APPL 605 | affected |
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) | SAP_APPL 606 | affected |
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) | SAP_APPL 616 | affected |
Weaknesses
- CWE-89: CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/1794761
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://launchpad.support.sap.com/#/notes/1794761
- https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.