Skip to main content

Supplier Relationship Management CVE-2023-39436

MEDIUM
Missing Authentication for Critical Function (CWE-306)
2023-08-08 cna@sap.com
5.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
5.8 MEDIUM
AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Aug 08, 2023 - 01:15 nvd
MEDIUM 5.8

DescriptionNVD

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM.

AnalysisAI

SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business. Rated medium severity (CVSS 5.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Missing Authentication for Critical Function (CWE-306), which allows attackers to access critical functionality without authentication. SAP Supplier Relationship Management -versions 600, 602, 603, 604, 605, 606, 616, 617, allows an unauthorized attacker to discover information relating to SRM within Vendor Master Data for Business Partners replication functionality.This information could be used to allow the attacker to specialize their attacks against SRM. Affected products include: Sap Supplier Relationship Management.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Require authentication for all sensitive operations, implement defense in depth.

CVE-2014-4159 MEDIUM POC
5.8 Jun 13

Open redirect vulnerability in in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote attackers

CVE-2025-30009 MEDIUM
6.1 May 13

he Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within the

CVE-2025-30010 MEDIUM
6.1 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within th

CVE-2019-0361 MEDIUM
6.1 Sep 10

SAP Supplier Relationship Management (Master Data Management Catalog - SRM_MDM_CAT, before versions 3.73, 7.31, 7.32) do

CVE-2025-30011 MEDIUM
5.3 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component within th

CVE-2026-0513 MEDIUM
4.7 Jan 13

Supplier Relationship Management versions up to 700 is affected by url redirection to untrusted site (open redirect) (CV

CVE-2014-4161 MEDIUM
4.3 Jun 13

Cross-site scripting (XSS) vulnerability in la/umTestSSO.jsp in SAP Supplier Relationship Management (SRM) allows remote

CVE-2025-42920 MEDIUM
6.1 Sep 09

Due to a Cross-Site Scripting (XSS) vulnerability in the SAP Supplier Relationship Management, an unauthenticated attack

CVE-2025-30018 HIGH
8.6 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) allows an unauthenticated attacker to submit an a

CVE-2025-30012 CRITICAL
10.0 May 13

The Live Auction Cockpit in SAP Supplier Relationship Management (SRM) uses a deprecated java applet component, which al

Share

CVE-2023-39436 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy