What is the severity of CVE-2023-0019?

CVE-2023-0019 is considered a high severity vulnerability due to the potential unauthorized access to confidential data.

How do I fix CVE-2023-0019?

To fix CVE-2023-0019, you should apply the latest security patches provided by SAP for your GRC Process Control version.

Who is affected by CVE-2023-0019?

CVE-2023-0019 affects SAP GRC Process Control versions GRCFND_A V1200, GRCFND_A V8100, and GRCPINW versions detailed in the vulnerability description.

What type of attacker can exploit CVE-2023-0019?

An authenticated attacker with minimal privileges can exploit CVE-2023-0019 to access confidential data.

What specific SAP products are impacted by CVE-2023-0019?

CVE-2023-0019 impacts SAP GRC Process Control specifically versions V1100_700, V1100_731, V1200, and V1200_750.

Vulnerability/
CVE-2023-0019

medium

6.5

CWE

862

14/2/2023

20/3/2025

CVE-2023-0019

First published: Tue Feb 14 2023(Updated: )

In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
SAP GRC Process Control	=v1100_700
SAP GRC Process Control	=v1100_731
SAP GRC Process Control	=v1200
SAP GRC Process Control	=v1200_750
SAP GRC Process Control	=v8100

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-0019?
CVE-2023-0019 is considered a high severity vulnerability due to the potential unauthorized access to confidential data.
How do I fix CVE-2023-0019?
To fix CVE-2023-0019, you should apply the latest security patches provided by SAP for your GRC Process Control version.
Who is affected by CVE-2023-0019?
CVE-2023-0019 affects SAP GRC Process Control versions GRCFND_A V1200, GRCFND_A V8100, and GRCPINW versions detailed in the vulnerability description.
What type of attacker can exploit CVE-2023-0019?
An authenticated attacker with minimal privileges can exploit CVE-2023-0019 to access confidential data.
What specific SAP products are impacted by CVE-2023-0019?
CVE-2023-0019 impacts SAP GRC Process Control specifically versions V1100_700, V1100_731, V1200, and V1200_750.

agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/severity
agent/weakness
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/sap
canonical/sap grc process control
version/sap grc process control/v1100_700
version/sap grc process control/v1100_731
version/sap grc process control/v1200
version/sap grc process control/v1200_750
version/sap grc process control/v8100

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.