CVE-2023-0019

Name of the Vulnerable Software and Affected Versions SAP GRC (Process Control) versions GRCFND A V8100 through GRCFND A V1200 SAP GRC (Process Control) versions GRCPINW V1100 700 through GRCPINW V1200 750

Description The issue allows an authenticated attacker with minimal privileges to access all confidential data stored in the database through a remote-enabled function module in the proprietary SAP solution. Successful exploitation can expose user credentials from client-specific tables of the database, leading to a high impact on confidentiality.

Recommendations For SAP GRC (Process Control) versions GRCFND A V8100 through GRCFND A V1200, consider disabling the remote-enabled function module until a patch is available. For SAP GRC (Process Control) versions GRCPINW V1100 700 through GRCPINW V1200 750, restrict access to the function module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.