CVE-2023-32115

Опубликовано: 13 июн. 2023

Источник: nvd

CVSS3: 4.2

CVSS3: 6.1

EPSS Низкий

Описание

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

Ссылки

https://launchpad.support.sap.com/#/notes/1794761
Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory
https://launchpad.support.sap.com/#/notes/1794761
Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:master_data_synchronization:600:*:*:*:*:*:*:*

cpe:2.3:a:sap:master_data_synchronization:602:*:*:*:*:*:*:*

cpe:2.3:a:sap:master_data_synchronization:603:*:*:*:*:*:*:*

cpe:2.3:a:sap:master_data_synchronization:604:*:*:*:*:*:*:*

cpe:2.3:a:sap:master_data_synchronization:605:*:*:*:*:*:*:*

cpe:2.3:a:sap:master_data_synchronization:606:*:*:*:*:*:*:*

cpe:2.3:a:sap:master_data_synchronization:616:*:*:*:*:*:*:*

EPSS

Процентиль: 35%

0.00139

Низкий

4.2 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-89

Связанные уязвимости

GHSA-565h-85rp-88r3

CVSS3: 4.2

github

больше 2 лет назад

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

EPSS

Процентиль: 35%

0.00139

Низкий

4.2 Medium

CVSS3

6.1 Medium

CVSS3

Дефекты

CWE-89