Information Disclosure vulnerability in SAP GUI for Windows
CVE-2023-32113

9.3CRITICAL

Key Information:

Vendor: SAP
Status: SAP Gui For Windows
Vendor: CVE Published:; 9 May 2023

Summary

The vulnerability in SAP GUI for Windows versions 7.70 and 8.0 allows unauthorized attackers to exploit NTLM authentication information. This occurs when a victim unwittingly clicks on a specially crafted shortcut file. If the victim possesses certain authorizations, the attacker may gain access to, read, or modify sensitive information following successful exploitation.

Affected Version(s)

SAP GUI for Windows <= 7.70 <= 7.70

SAP GUI for Windows 7.70 PL0 <= 7.70 PL11

SAP GUI for Windows 8.00 PL0 <= 8.00 PL1

References

https://launchpad.support.sap.com/#/notes/3320467

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

9.3

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Changed

Timeline

Vulnerability published
May 9, 2023
Vulnerability Reserved
May 3, 2023