CVE-2023-0023— Information Disclosure in SAP Bank Account Management (Manage Banks)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-0023
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure in SAP Bank Account Management (Manage Banks)
Source: NVD (National Vulnerability Database)
Vulnerability Description
In SAP Bank Account Management (Manage Banks) application, when a user clicks a smart link to navigate to another app, personal data is shown directly in the URL. They might get captured in log files, bookmarks, and so on disclosing sensitive data of the application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP Bank Account Management 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP Bank Account Management是德国思爱普(SAP)公司的一个银行账户管理系统。 SAP Bank Account Management(Manage Banks)应用程序存在信息泄露漏洞,该漏洞源于当用户单击智能链接导航到另一个应用程序时,个人数据将直接显示在其URL中。它们可能会在日志文件、书签等中被捕获,从而泄露应用程序的敏感数据。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP | Bank Account Management (Manage Banks) | 800 | - |
II. Public POCs for CVE-2023-0023
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-0023
请登录查看更多情报信息。
Same Patch Batch · SAP · 2023-01-10 · 9 CVEs total
| CVE-2023-0018 | 10.0 CRITICAL | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence Plat |
| CVE-2023-0016 | 9.9 CRITICAL | SQL Injection vulnerability in SAP Business Planning and Consolidation MS |
| CVE-2023-0022 | 9.9 CRITICAL | Code Injection vulnerability in SAP BusinessObjects Business Intelligence platform (Analys |
| CVE-2023-0017 | 9.4 CRITICAL | Improper access control in SAP NetWeaver AS for Java |
| CVE-2023-0014 | 9.0 CRITICAL | Capture-replay vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-0012 | 6.4 MEDIUM | Local Privilege Escalation in SAP Host Agent (Windows) |
| CVE-2023-0013 | 6.1 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-0015 | 4.6 MEDIUM | Cross-Site Scripting (XSS) vulnerability in SAP BusinessObjects Business Intelligence (Web |
IV. Related Vulnerabilities
Same vendor: SAP
- CVE-2023-29189
HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) - CVE-2023-29187
DLL Hijacking vulnerability in SapSetup (Software Installati - CVE-2023-29186
Directory/Path Traversal vulnerability in SAP NetWeaver. - CVE-2023-29185
Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Busine - CVE-2023-29112
Code Injection vulnerability in SAP Application Interface Fr
Same weakness: CWE-200
- CVE-2026-42333
quarkus-openapi-generator has overly broad path-parameter ma - CVE-2026-8198
Activity Logs, User Activity Tracking, Multisite Activity Lo - CVE-2026-42456
AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (ID - CVE-2026-41520
Cillium exposes sensitive information included in the cilium - CVE-2026-25199
Apache CloudStack: Proxmox Extension Allows Unauthorized Cro
V. Comments for CVE-2023-0023
No comments yet