CVE-2023-32115

MEDIUM

SAP Master Data Synchronization - SQL Injection via MDS COMPARE TOOL

Title source: llm

Description

An attacker can exploit MDS COMPARE TOOL and use specially crafted inputs to read and modify database commands, resulting in the retrieval of additional information persisted by the system.

References (2)

Core 2

Core References

Permissions Required

https://launchpad.support.sap.com/#/notes/1794761

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 4.2

EPSS 0.0020

EPSS Percentile 42.3%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-89

Status published

Products (7)

sap/master_data_synchronization 600

sap/master_data_synchronization 602

sap/master_data_synchronization 603

sap/master_data_synchronization 604

sap/master_data_synchronization 605

sap/master_data_synchronization 606

sap/master_data_synchronization 616

Published Jun 13, 2023

Tracked Since Feb 18, 2026