CVE-2023-32113

EUVD-2023-36381
SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
sapCNA
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
sapgui_for_windows
𝑥
< 7.70
sapgui_for_windows
7.70
sapgui_for_windows
7.70:patch_level1
sapgui_for_windows
7.70:patch_level10
sapgui_for_windows
7.70:patch_level11
sapgui_for_windows
7.70:patch_level2
sapgui_for_windows
7.70:patch_level3
sapgui_for_windows
7.70:patch_level4
sapgui_for_windows
7.70:patch_level5
sapgui_for_windows
7.70:patch_level6
sapgui_for_windows
7.70:patch_level7
sapgui_for_windows
7.70:patch_level8
sapgui_for_windows
7.70:patch_level9
sapgui_for_windows
8.0
sapgui_for_windows
8.0:patch_level1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3320467
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3320467
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html