Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0019

In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.

Published

2023-02-14T04:15:10.073

Last Modified

2024-11-21T07:36:24.350

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	grc_process_control	v1100_700	Yes
Application	sap	grc_process_control	v1100_731	Yes
Application	sap	grc_process_control	v1200	Yes
Application	sap	grc_process_control	v1200_750	Yes
Application	sap	grc_process_control	v8100	Yes

References

https://launchpad.support.sap.com/#/notes/3281724 Permissions Required ([email protected])
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/3281724 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)