SAP SRM Unauthorized Info Disclosure via Vendor Master Data Replication
CVE-2023-39436 Published on August 8, 2023
Information Disclosure in SAP Supplier Relationship Management
SAP Supplier Relationship Management, versions 600, 602, 603, 604, 605, 606, 616 and 617, allows an unauthorized attacker to discover information relating to SRM within the Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM.
Vulnerability Analysis
CVE-2023-39436 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be a small impact on confidentiality and a small impact on integrity and availability.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2023-39436
Affected Versions
SAP_SE SAP Supplier Relationship Management:
- Version 600 is affected.
- Version 602 is affected.
- Version 603 is affected.
- Version 604 is affected.
- Version 605 is affected.
- Version 606 is affected.
- Version 616 is affected.
- Version 617 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.