CVE-2023-39436 — Missing Authentication for Critical Function in SE SAP Supplier Relationship Management

CWE-306 — Missing Authentication for Critical Function CWE-200 — Sensitive Information Exposure3 documents3 sources

Severity

5.8MEDIUMNVD

EPSS

0.2%

top 61.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Supplier Relationship Management SAP Supplier Relationship Management

Timeline

PublishedAug 8

Description

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/supplier_relationship_management8 versions+7

▶CVEListV5sap_se/sap_supplier_relationship_management8 versions+7

🔴Vulnerability Details

GHSA

GHSA-455r-7p7w-hg5r: SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relatin↗2023-08-08

▶

CVEList

Information Disclosure in SAP Supplier Relationship Management↗2023-08-08

▶