{"vulnerability": "CVE-2023-39439", "sightings": [{"uuid": "a6f92282-c5bf-4535-8b45-dfc194dda1dd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39439", "type": "seen", "source": "https://t.me/arpsyndicate/2414", "content": "#ExploitObserverAlert\n\nCVE-2023-39439\n\nDESCRIPTION: Exploit Observer has 2 entries related to CVE-2023-39439. SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.\n\nFIRST-EPSS: 0.000910000\nNVD-IS: 5.9\nNVD-ES: 3.9", "creation_timestamp": "2024-01-04T03:02:23.000000Z"}, {"uuid": "cdd42646-ed1e-4bd9-a68f-e05f6698398c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39439", "type": "seen", "source": "https://t.me/DarkWebInformer_CVEAlerts/5797", "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2023-39439\n\ud83d\udd25 CVSS Score: 8.8 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)\n\ud83d\udd39 Description: SAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.\n\ud83d\udccf Published: 2023-08-08T00:49:01.594Z\n\ud83d\udccf Modified: 2025-02-27T21:10:56.748Z\n\ud83d\udd17 References:\n1. https://me.sap.com/notes/3346500\n2. https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html", "creation_timestamp": "2025-02-27T21:26:01.000000Z"}, {"uuid": "64be0b0f-bafd-4ae1-9c71-0bdd737506bb", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2023-39439", "type": "seen", "source": "https://t.me/cibsecurity/67933", "content": "\u203c CVE-2023-39439 \u203c\n\nSAP Commerce Cloud may accept an empty passphrase for user ID and passphrase authentication, allowing users to log into the system without a passphrase.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2023-08-08T07:13:47.000000Z"}]}