CVE-2023-39436 — MEDIUM (5.8)

Vulnerability Description

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.

CVSS Score

5.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

LOW

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Supplier Relationship Management	600

Related Weaknesses (CWE)

CWE-306

References

https://me.sap.com/notes/2067220Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory
https://me.sap.com/notes/2067220Permissions Required
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlVendor Advisory

FAQ

What is CVE-2023-39436?

CVE-2023-39436 is a vulnerability with a CVSS score of 5.8 (MEDIUM). SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Pa...

How severe is CVE-2023-39436?

CVE-2023-39436 has been rated MEDIUM with a CVSS base score of 5.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-39436?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Supplier Relationship Management.