CVE-2023-0023: Information Disclosure in SAP Bank Account Management (Manage Banks)
First published: Tue Jan 10 2023(Updated: )
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Bank Account Management | =800 | |
| SAP Bank Account Management | =900 | |
| =800 | ||
| =900 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-0023?
CVE-2023-0023 is rated as a medium severity vulnerability.
How do I fix CVE-2023-0023?
To fix CVE-2023-0023, ensure that personal data is not included in URLs generated by the SAP Bank Account Management application.
Which applications are affected by CVE-2023-0023?
CVE-2023-0023 affects SAP Bank Account Management versions 800 and 900.
What type of data is exposed in CVE-2023-0023?
CVE-2023-0023 exposes potentially sensitive personal data through URLs.
Can CVE-2023-0023 lead to data leakage?
Yes, CVE-2023-0023 can lead to data leakage as sensitive information may be captured in logs or bookmarks.
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/title
- agent/description
- agent/first-publish-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/last-modified-date
- agent/author
- agent/softwarecombine
- agent/event
- agent/tags
- agent/source
- vendor/sap
- canonical/sap bank account management
- version/sap bank account management/800
- version/sap bank account management/900