CVE-2023-39436
Information Disclosure in SAP Supplier Relationship Management
Severity Score
5.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
Attend
*SSVC
Descriptions
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:Attend
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-08-01 CVE Reserved
- 2023-08-08 CVE Published
- 2024-09-09 EPSS Updated
- 2024-10-15 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
- CWE-306: Missing Authentication for Critical Function
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html | 2023-08-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 600 Search vendor "Sap" for product "Supplier Relationship Management" and version "600" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 602 Search vendor "Sap" for product "Supplier Relationship Management" and version "602" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 603 Search vendor "Sap" for product "Supplier Relationship Management" and version "603" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 604 Search vendor "Sap" for product "Supplier Relationship Management" and version "604" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 605 Search vendor "Sap" for product "Supplier Relationship Management" and version "605" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 606 Search vendor "Sap" for product "Supplier Relationship Management" and version "606" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 616 Search vendor "Sap" for product "Supplier Relationship Management" and version "616" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Supplier Relationship Management Search vendor "Sap" for product "Supplier Relationship Management" | 617 Search vendor "Sap" for product "Supplier Relationship Management" and version "617" | - |
Affected
| ||||||