CVE-2023-0019
 
Severity Score: 6.5 (CVSS v3.1)
Public Exploits: 0 (Multiple Sources)
Exploited in Wild: - (KEV)
Decision: - (SSVC)
Descriptions
In SAP GRC (Process Control) - versions GRCFND_A V1200, GRCFND_A V8100, GRCPINW V1100_700, GRCPINW V1100_731, GRCPINW V1200_750, a remote-enabled function module in the proprietary SAP solution enables an authenticated attacker with minimal privileges to access all the confidential data stored in the database. Successful exploitation of this vulnerability can expose user credentials from client-specific tables of the database, leading to high impact on confidentiality.
Credits: N/A
Timeline
- 2022-12-20 CVE Reserved
- 2023-02-14 CVE Published
- 2024-08-02 CVE Updated
- 2024-09-06 EPSS Updated
CWE
- CWE-862: Missing Authorization
References (1)
URL | Date | SRC |
---|---|---|
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-11-07 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Sap | Grc Process Control | v1100_700 | - | Affected |
Sap | Grc Process Control | v1100_731 | - | Affected |
Sap | Grc Process Control | v1200 | - | Affected |
Sap | Grc Process Control | v1200_750 | - | Affected |
Sap | Grc Process Control | v8100 | - | Affected |