CVE-2023-32115 — MEDIUM (4.2)

Vulnerability Description

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

CVSS Score

4.2

MEDIUM

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Master Data Synchronization	600

Related Weaknesses (CWE)

CWE-89

References

https://launchpad.support.sap.com/#/notes/1794761Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://launchpad.support.sap.com/#/notes/1794761Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

FAQ

What is CVE-2023-32115?

CVE-2023-32115 is a vulnerability with a CVSS score of 4.2 (MEDIUM). An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

How severe is CVE-2023-32115?

CVE-2023-32115 has been rated MEDIUM with a CVSS base score of 4.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-32115?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Master Data Synchronization.