CVE-2023-39439: SAP Commerce accepts empty passphrases.
First published: Tue Aug 08 2023(Updated: )
SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.
Credit: cna@sap.com cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Commerce Cloud | =2211 | |
| Sap Commerce Hycom | =2105 | |
| Sap Commerce Hycom | =2205 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-39439?
CVE-2023-39439 is a vulnerability in SAP Commerce Cloud that allows users to log into the system without a passphrase.
How severe is CVE-2023-39439?
CVE-2023-39439 is considered a critical vulnerability with a severity value of 9.8.
Which software versions are affected by CVE-2023-39439?
SAP Commerce Cloud versions 2211, Sap Commerce Hycom versions 2105 and 2205 are affected by CVE-2023-39439.
How can I fix CVE-2023-39439?
To fix CVE-2023-39439, apply the recommended patches and updates provided by SAP.
Where can I find more information about CVE-2023-39439?
You can find more information about CVE-2023-39439 at the following references: [Link 1](https://me.sap.com/notes/3346500), [Link 2](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html)
- collector/nvd-index
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/description
- agent/event
- agent/first-publish-date
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- vendor/sap
- canonical/sap commerce cloud
- version/sap commerce cloud/2211
- canonical/sap commerce hycom
- version/sap commerce hycom/2105
- version/sap commerce hycom/2205