← Back

CVE-2023-39436

nvd nist
Published: Aug 8, 2023Modified: Nov 21, 2024

JSON object

Loading...
5.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.9 / Impact: 1.4
Source: NVD

Description

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.

Affected (8)

Sap
1 product
Supplier Relationship Management
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Supplier Relationship Management
Version 600
Supplier Relationship Management
Version 602
Supplier Relationship Management
Version 603
Supplier Relationship Management
Version 604
Supplier Relationship Management
Version 605
Supplier Relationship Management
Version 606
Supplier Relationship Management
Version 616
Supplier Relationship Management
Version 617

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.