CVE-2023-39436

Summary

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP Supplier Relationship Management600affected
SAP_SESAP Supplier Relationship Management602affected
SAP_SESAP Supplier Relationship Management603affected
SAP_SESAP Supplier Relationship Management604affected
SAP_SESAP Supplier Relationship Management605affected
SAP_SESAP Supplier Relationship Management606affected
SAP_SESAP Supplier Relationship Management616affected
SAP_SESAP Supplier Relationship Management617affected

Weaknesses

  • CWE-306: CWE-306: Missing Authentication for Critical Function

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References