CVE-2023-39439

Summary

SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.

Affected Software

VendorProductVersion RangeStatus
SAP_SESAP CommerceHY_COM 2105affected
SAP_SESAP CommerceHY_COM 2205affected
SAP_SESAP CommerceCOM_CLOUD 2211affected

Weaknesses

  • CWE-258: CWE-258: Empty Password in Configuration File

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References