Details of VAR-202308-4080

ID

VAR-202308-4080

CVE

CVE-2023-39436

TITLE

SAP of SAP Supplier Relationship Management Vulnerability regarding information leakage in

Trust: 0.8

sources: JVNDB: JVNDB-2023-021047

DESCRIPTION

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. SAP of SAP Supplier Relationship Management There is a vulnerability related to information leakage.Information may be obtained

Trust: 1.62

sources: NVD: CVE-2023-39436 // JVNDB: JVNDB-2023-021047

AFFECTED PRODUCTS

vendor:	sap	model:	supplier relationship management	scope:	eq	version:	616	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	603	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	617	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	606	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	602	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	600	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	605	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	604	Trust: 1.8
vendor:	sap	model:	supplier relationship management	scope:	eq	version:	-	Trust: 0.8
vendor:	sap	model:	supplier relationship management	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2023-39436
value:	MEDIUM
Trust: 1.0
cna@sap.com:	CVE-2023-39436
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2023-39436
value:	MEDIUM
Trust: 0.8

nvd@nist.gov:	CVE-2023-39436
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	1.4
version:	3.1
Trust: 2.0
NVD:	CVE-2023-39436
baseSeverity:	MEDIUM
baseScore:	5.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	LOW
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436 // NVD: CVE-2023-39436

PROBLEMTYPE DATA

problemtype:	CWE-306	Trust: 1.0
problemtype:	information leak (CWE-200) [ others ]	Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

EXTERNAL IDS

db:	NVD	id:	CVE-2023-39436	Trust: 2.6
db:	JVNDB	id:	JVNDB-2023-021047	Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

REFERENCES

url:	https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html	Trust: 1.8
url:	https://me.sap.com/notes/2067220	Trust: 1.0
url:	https://nvd.nist.gov/vuln/detail/cve-2023-39436	Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

SOURCES

db:	JVNDB	id:	JVNDB-2023-021047
db:	NVD	id:	CVE-2023-39436

LAST UPDATE DATE

2024-09-29T23:10:14.167000+00:00

SOURCES UPDATE DATE

db:	JVNDB	id:	JVNDB-2023-021047	date:	2024-01-18T06:24:00
db:	NVD	id:	CVE-2023-39436	date:	2024-09-28T22:15:04.010

SOURCES RELEASE DATE

db:	JVNDB	id:	JVNDB-2023-021047	date:	2024-01-18T00:00:00
db:	NVD	id:	CVE-2023-39436	date:	2023-08-08T01:15:19.150