Skip to main content

S4core CVE-2023-32112

MEDIUM
Missing Authorization (CWE-862)
2023-05-09 cna@sap.com
5.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
None

Lifecycle Timeline

1
CVE Published
May 09, 2023 - 02:15 nvd
MEDIUM 5.5

DescriptionNVD

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system.

AnalysisAI

Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Vendor Master Hierarchy - versions SAP_APPL 500, SAP_APPL 600, SAP_APPL 602, SAP_APPL 603, SAP_APPL 604, SAP_APPL 605, SAP_APPL 606, SAP_APPL 616, SAP_APPL 617, SAP_APPL 618, S4CORE 100, does not perform necessary authorization checks for an authenticated user to access some of its function. This could lead to modification of data impacting the integrity of the system. Affected products include: Sap S4Core, Sap Vendor Master Hierarchy.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

More in S4core

View all
CVE-2021-33701 CRITICAL POC
9.1 Sep 15

DMIS Mobile Plug-In or SAP S/4HANA, versions - DMIS 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 710, 201

CVE-2023-35870 HIGH
7.3 Jul 11

When creating a journal entry template in SAP S/4HANA (Manage Journal Entry Template) - versions S4CORE 104, 105, 106, 1

CVE-2024-39592 MEDIUM
6.5 Jul 09

Elements of PDCE does not perform necessary authorization checks for an authenticated user, resulting in escalation of p

CVE-2026-0505 MEDIUM
6.1 Feb 10

Unauthenticated attackers can manipulate unvalidated URL parameters in S4core, Document Management System, and ERP appli

CVE-2026-24323 MEDIUM
6.1 Feb 10

Document Management System versions up to 600 is affected by url redirection to untrusted site (open redirect) (CVSS 6.1

CVE-2024-37172 MEDIUM
5.4 Jul 09

SAP S/4HANA Finance (Advanced Payment Management) does not perform necessary authorization check for an authenticated us

CVE-2023-40625 MEDIUM
5.4 Sep 12

S4CORE (Manage Purchase Contracts App) - versions 102, 103, 104, 105, 106, 107, does not perform necessary authorization

CVE-2023-29110 MEDIUM
5.4 Apr 11

The SAP Application Interface (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 100, 101, SAP_BASIS 755, 756, SAP

CVE-2023-29109 MEDIUM
4.6 Apr 11

The SAP Application Interface Framework (Message Dashboard) - versions AIF 703, AIFX 702, S4CORE 101, SAP_BASIS 755, 756

CVE-2018-2419 MEDIUM
4.6 May 09

SAP Enterprise Financial Services (SAPSCORE 1.11, 1.12; S4CORE 1.01, 1.02; EA-FINSERV 6.04, 6.05, 6.06, 6.16, 6.17, 6.18

CVE-2026-23688 MEDIUM
4.3 Feb 10

Insufficient authorization checks in SAP Fiori App Manage Service Entry Sheets allow authenticated users to escalate pri

Share

CVE-2023-32112 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy