Vulnerabilites related to sap - master_data_synchronization
Vulnerability from fkie_nvd
Published
2023-06-13 03:15
Modified
2024-11-21 08:02
Severity ?
4.2 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
6.1 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
Summary
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sap | master_data_synchronization | 600 | |
| sap | master_data_synchronization | 602 | |
| sap | master_data_synchronization | 603 | |
| sap | master_data_synchronization | 604 | |
| sap | master_data_synchronization | 605 | |
| sap | master_data_synchronization | 606 | |
| sap | master_data_synchronization | 616 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:master_data_synchronization:600:*:*:*:*:*:*:*",
"matchCriteriaId": "164BE6C3-871C-49C1-8CCD-FD2659F4C6EF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:master_data_synchronization:602:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF40ABC-A7D1-408C-A281-DEA0BC688291",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:master_data_synchronization:603:*:*:*:*:*:*:*",
"matchCriteriaId": "85319F2E-8910-46EB-B6EE-FFF2425EE076",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:master_data_synchronization:604:*:*:*:*:*:*:*",
"matchCriteriaId": "195E9910-DFA1-44A9-86E2-B389B442CFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:master_data_synchronization:605:*:*:*:*:*:*:*",
"matchCriteriaId": "EC29B5FE-7642-4775-A74F-43B2E6A3F114",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:master_data_synchronization:606:*:*:*:*:*:*:*",
"matchCriteriaId": "95441179-BD7B-4E68-AB77-BC9739D28BE3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:sap:master_data_synchronization:616:*:*:*:*:*:*:*",
"matchCriteriaId": "25F1FC67-7AA7-4E93-8A55-9C25CD7A051D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.\n\n"
}
],
"id": "CVE-2023-32115",
"lastModified": "2024-11-21T08:02:44.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.1,
"impactScore": 2.7,
"source": "cna@sap.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2023-06-13T03:15:09.473",
"references": [
{
"source": "cna@sap.com",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/1794761"
},
{
"source": "cna@sap.com",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Permissions Required"
],
"url": "https://launchpad.support.sap.com/#/notes/1794761"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"sourceIdentifier": "cna@sap.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "cna@sap.com",
"type": "Primary"
}
]
}
cve-2023-32115
Vulnerability from cvelistv5
Published
2023-06-13 02:42
Modified
2025-01-03 02:05
Severity ?
EPSS score ?
Summary
An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SAP_SE | Master Data Synchronization (MDS COMPARE TOOL) |
Version: SAP_APPL 600 Version: SAP_APPL 602 Version: SAP_APPL 603 Version: SAP_APPL 604 Version: SAP_APPL 605 Version: SAP_APPL 606 Version: SAP_APPL 616 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T15:03:29.236Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://launchpad.support.sap.com/#/notes/1794761"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-32115",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-01-03T02:05:30.596341Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-01-03T02:05:51.219Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Master Data Synchronization (MDS COMPARE TOOL)",
"vendor": "SAP_SE",
"versions": [
{
"status": "affected",
"version": "SAP_APPL 600"
},
{
"status": "affected",
"version": "SAP_APPL 602"
},
{
"status": "affected",
"version": "SAP_APPL 603"
},
{
"status": "affected",
"version": "SAP_APPL 604"
},
{
"status": "affected",
"version": "SAP_APPL 605"
},
{
"status": "affected",
"version": "SAP_APPL 606"
},
{
"status": "affected",
"version": "SAP_APPL 616"
}
]
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cp\u003eAn attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.\u003c/p\u003e"
}
],
"value": "An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.\n\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-89",
"description": "CWE-89: Improper Neutralization of Special Elements used in an SQL Command (\u0027SQL Injection\u0027)",
"lang": "eng",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-13T02:42:28.223Z",
"orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"shortName": "sap"
},
"references": [
{
"url": "https://launchpad.support.sap.com/#/notes/1794761"
},
{
"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "SQL Injection in Master Data Synchronization (MDS COMPARE TOOL)",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
"assignerShortName": "sap",
"cveId": "CVE-2023-32115",
"datePublished": "2023-06-13T02:42:28.223Z",
"dateReserved": "2023-05-03T14:48:13.764Z",
"dateUpdated": "2025-01-03T02:05:51.219Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}