5.8
CVE-2023-39436
- EPSS 0.17%
- Published 08.08.2023 01:15:19
- Last modified 21.11.2024 08:15:25
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Supplier Relationship Management Version600
SAP ≫ Supplier Relationship Management Version602
SAP ≫ Supplier Relationship Management Version603
SAP ≫ Supplier Relationship Management Version604
SAP ≫ Supplier Relationship Management Version605
SAP ≫ Supplier Relationship Management Version606
SAP ≫ Supplier Relationship Management Version616
SAP ≫ Supplier Relationship Management Version617
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.17% | 0.389 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
| cna@sap.com | 5.8 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
|
CWE-306 Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.