CVE-2023-39436

{"id": "CVE-2023-39436", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 5.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2023-08-08T01:15:19.150", "references": [{"url": "https://me.sap.com/notes/2067220", "tags": ["Permissions Required"], "source": "cna@sap.com"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://me.sap.com/notes/2067220", "tags": ["Permissions Required"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "cna@sap.com", "description": [{"lang": "en", "value": "CWE-306"}]}], "descriptions": [{"lang": "en", "value": "SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to\u00a0SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against\u00a0SRM."}], "lastModified": "2024-11-21T08:15:25.353", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:supplier_relationship_management:600:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "55527525-88C2-4FAD-AD3F-023928317556"}, {"criteria": "cpe:2.3:a:sap:supplier_relationship_management:602:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "15FDAEAF-58BD-4839-839F-A1E8C8E0E0AE"}, {"criteria": "cpe:2.3:a:sap:supplier_relationship_management:603:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "794DE5E4-B5A6-4ACC-8EBF-F76FCAD7369C"}, {"criteria": "cpe:2.3:a:sap:supplier_relationship_management:604:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "685CA87A-7F6F-4D75-83D9-C5F26201257D"}, {"criteria": "cpe:2.3:a:sap:supplier_relationship_management:605:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "189F4096-39A5-44E6-B954-70B45FA1F695"}, {"criteria": "cpe:2.3:a:sap:supplier_relationship_management:606:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24247E81-67E8-42DE-9871-2EC7F0960A98"}, {"criteria": "cpe:2.3:a:sap:supplier_relationship_management:616:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2EFCE15C-77A9-4C6E-8616-3F7EBA1EB220"}, {"criteria": "cpe:2.3:a:sap:supplier_relationship_management:617:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67BE6CAE-5A02-4567-ADEA-2B16C763CA06"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}