
9/5/2023

28/1/2025
CVE-2023-32112: Missing Authorization Check in Vendor Master Hierarchy
First published: Tue May 09 2023
Vendor Master Hierarchy, versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform the necessary authorization checks for an authenticated user to access some of its functions. This could lead to modification of data, impacting the integrity of the system.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP S/4HANA | =100 | |
| Sap Vendor Master Hierarchy | =sap_appl_500 | |
| Sap Vendor Master Hierarchy | =sap_appl_600 | |
| Sap Vendor Master Hierarchy | =sap_appl_602 | |
| Sap Vendor Master Hierarchy | =sap_appl_603 | |
| Sap Vendor Master Hierarchy | =sap_appl_604 | |
| Sap Vendor Master Hierarchy | =sap_appl_605 | |
| Sap Vendor Master Hierarchy | =sap_appl_606 | |
| Sap Vendor Master Hierarchy | =sap_appl_616 | |
| Sap Vendor Master Hierarchy | =sap_appl_617 | |
| Sap Vendor Master Hierarchy | =sap_appl_618 | |
Frequently Asked Questions
What is vulnerability CVE-2023-32112?
Vulnerability CVE-2023-32112 is a security flaw in the Vendor Master Hierarchy software that allows authenticated users to access certain functions without proper authorization checks.
Which versions of SAP_APPL are affected by CVE-2023-32112?
Versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, and S4CORE 100 are affected by CVE-2023-32112.
What is the severity of vulnerability CVE-2023-32112?
The severity of vulnerability CVE-2023-32112 is medium, with a severity value of 5.5.
How can I fix vulnerability CVE-2023-32112?
To fix vulnerability CVE-2023-32112, it is recommended to apply the necessary patches or updates provided by SAP.
Where can I find more information about vulnerability CVE-2023-32112?
More information about vulnerability CVE-2023-32112 can be found on the SAP website and in the SAP support notes.