ID

VAR-202308-4080


CVE

CVE-2023-39436


TITLE

Information leakage vulnerability in SAP Supplier Relationship Management (SAP)

Trust: 0.8

sources: JVNDB: JVNDB-2023-021047

DESCRIPTION

SAP Supplier Relationship Management, versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality. This information could be used to allow the attacker to specialize their attacks against SRM. SAP Supplier Relationship Management from SAP contains an information leakage vulnerability. Information may be obtained.

Trust: 1.62

sources: NVD: CVE-2023-39436 // JVNDB: JVNDB-2023-021047

AFFECTED PRODUCTS

vendor: sap, model: supplier relationship management, scope: eq, version: 616

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: 603

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: 617

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: 606

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: 602

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: 600

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: 605

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: 604

Trust: 1.8

vendor: sap, model: supplier relationship management, scope: eq, version: -

Trust: 0.8

vendor: sap, model: supplier relationship management, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2023-39436
value: MEDIUM

Trust: 1.0

cna@sap.com: CVE-2023-39436
value: MEDIUM

Trust: 1.0

NVD: CVE-2023-39436
value: MEDIUM

Trust: 0.8

nvd@nist.gov: CVE-2023-39436
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 1.4
version: 3.1

Trust: 2.0

NVD: CVE-2023-39436
baseSeverity: MEDIUM
baseScore: 5.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436 // NVD: CVE-2023-39436

PROBLEMTYPE DATA

problemtype:CWE-306

Trust: 1.0

problemtype:information leak (CWE-200) [ others ]

Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

EXTERNAL IDS

db: NVD, id: CVE-2023-39436

Trust: 2.6

db: JVNDB, id: JVNDB-2023-021047

Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

REFERENCES

url:https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Trust: 1.8

url:https://me.sap.com/notes/2067220

Trust: 1.0

url:https://nvd.nist.gov/vuln/detail/cve-2023-39436

Trust: 0.8

sources: JVNDB: JVNDB-2023-021047 // NVD: CVE-2023-39436

SOURCES

db: JVNDB, id: JVNDB-2023-021047
db: NVD, id: CVE-2023-39436

LAST UPDATE DATE

2024-09-29T23:10:14.167000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2023-021047, date: 2024-01-18T06:24:00
db: NVD, id: CVE-2023-39436, date: 2024-09-28T22:15:04.010

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2023-021047, date: 2024-01-18T00:00:00
db: NVD, id: CVE-2023-39436, date: 2023-08-08T01:15:19.150