Supplier Relationship Management
CVE-2023-39436
MEDIUM
Severity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Lifecycle Timeline
1DescriptionNVD
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.
AnalysisAI
SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. Affected products include: Sap Supplier Relationship Management.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.
Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers
he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within th
SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) do
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within th
Supplier Relationship Management versions up to 700 is affected by url redirection to untrusted site (open redirect) (CV
Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote
Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attack
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an a
The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which al
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today