NTLM Auth Leak via SAP GUI Windows 7.70/8.0
CVE-2023-32113 Published on May 9, 2023
Information Disclosure vulnerability in SAP GUI for Windows
SAP GUI for Windows, versions 7.70 and 8.0, allows an unauthorized attacker to gain NTLM authentication information of a victim by tricking them into clicking a prepared shortcut file. Depending on the authorizations of the victim, the attacker can read and modify potentially sensitive information after successful exploitation.
Vulnerability Analysis
Weakness Type
What is an Information Disclosure Vulnerability?
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CVE-2023-32113 has been classified as an Information Disclosure vulnerability or weakness.
Products Associated with CVE-2023-32113
Affected Versions
SAP_SE SAP GUI for Windows:
- Version <= 7.70 is affected.
- Version 7.70 PL0, <= 7.70 PL11 is affected.
- Version 8.00 PL0, <= 8.00 PL1 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.