CVE-2023-39436

Published Aug 8, 2023

Last updated 2 months ago

CVSS medium 5.8

Overview

Description: SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.
Source: cna@sap.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 5.8
Impact score: 1.4
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Severity: MEDIUM

Weaknesses

cna@sap.com: CWE-306

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:600:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "55527525-88C2-4FAD-AD3F-023928317556"
          },
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:602:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "15FDAEAF-58BD-4839-839F-A1E8C8E0E0AE"
          },
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:603:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "794DE5E4-B5A6-4ACC-8EBF-F76FCAD7369C"
          },
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:604:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "685CA87A-7F6F-4D75-83D9-C5F26201257D"
          },
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:605:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "189F4096-39A5-44E6-B954-70B45FA1F695"
          },
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:606:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24247E81-67E8-42DE-9871-2EC7F0960A98"
          },
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:616:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EFCE15C-77A9-4C6E-8616-3F7EBA1EB220"
          },
          {
            "criteria": "cpe:2.3:a:sap:supplier_relationship_management:617:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67BE6CAE-5A02-4567-ADEA-2B16C763CA06"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References