CVE-2023-39436: Information Disclosure in SAP Supplier Relationship Management
First published: Tue Aug 08 2023(Updated: )
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Supplier Relationship Management | =600 | |
| SAP Supplier Relationship Management | =602 | |
| SAP Supplier Relationship Management | =603 | |
| SAP Supplier Relationship Management | =604 | |
| SAP Supplier Relationship Management | =605 | |
| SAP Supplier Relationship Management | =606 | |
| SAP Supplier Relationship Management | =616 | |
| SAP Supplier Relationship Management | =617 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2023-39436?
The severity of CVE-2023-39436 is medium with a severity value of 5.8.
How can an unauthorized attacker exploit CVE-2023-39436?
An unauthorized attacker can exploit CVE-2023-39436 by discovering information related to SRM within Vendor Master Data for Business Partners replication functionality.
Which versions of SAP Supplier Relationship Management are affected by CVE-2023-39436?
Versions 600, 602, 603, 604, 605, 606, 616, and 617 of SAP Supplier Relationship Management are affected by CVE-2023-39436.
Is there a fix available for CVE-2023-39436?
Yes, you can find the fix for CVE-2023-39436 in the SAP notes available at https://me.sap.com/notes/2067220.
Where can I find more information about CVE-2023-39436?
You can find more information about CVE-2023-39436 in the document provided by SAP at https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html.
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/epss-latest
- source/FIRST
- agent/epss
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/sap
- canonical/sap supplier relationship management
- version/sap supplier relationship management/600
- version/sap supplier relationship management/602
- version/sap supplier relationship management/603
- version/sap supplier relationship management/604
- version/sap supplier relationship management/605
- version/sap supplier relationship management/606
- version/sap supplier relationship management/616
- version/sap supplier relationship management/617