CVE-2023-32113

SAP GUI for Windows - version 7.70, 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking it into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
sapCNA
7.5 HIGH
ADJACENT_NETWORK
HIGH
NONE
CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
sapgui_for_windows
𝑥
< 7.70
sapgui_for_windows
7.70
sapgui_for_windows
7.70:patch_level1
sapgui_for_windows
7.70:patch_level10
sapgui_for_windows
7.70:patch_level11
sapgui_for_windows
7.70:patch_level2
sapgui_for_windows
7.70:patch_level3
sapgui_for_windows
7.70:patch_level4
sapgui_for_windows
7.70:patch_level5
sapgui_for_windows
7.70:patch_level6
sapgui_for_windows
7.70:patch_level7
sapgui_for_windows
7.70:patch_level8
sapgui_for_windows
7.70:patch_level9
sapgui_for_windows
8.0
sapgui_for_windows
8.0:patch_level1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/3320467
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3320467
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html