cnvd-2023-65175
Vulnerability from cnvd
Title
SAP Supplier Relationship Management信息泄露漏洞
Description
SAP Supplier Relationship Management(SRM)是德国思爱普(SAP)公司的一套供应商关系管理解决方案。该产品实现了企业内以及供应商之间采购和购置流程的自动化,并提供发票开具等功能。 SAP Supplier Relationship Management 600、602、603、604、605、606、616、617版本存在信息泄露漏洞,未经授权的攻击者可利用该漏洞在业务合作伙伴的供应商主数据复制功能中发现与SRM相关的信息。
Severity
Patch Name
SAP Supplier Relationship Management信息泄露漏洞的补丁
Patch Description
SAP Supplier Relationship Management(SRM)是德国思爱普(SAP)公司的一套供应商关系管理解决方案。该产品实现了企业内以及供应商之间采购和购置流程的自动化,并提供发票开具等功能。 SAP Supplier Relationship Management 600、602、603、604、605、606、616、617版本存在信息泄露漏洞,未经授权的攻击者可利用该漏洞在业务合作伙伴的供应商主数据复制功能中发现与SRM相关的信息。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description

目前厂商已发布升级补丁以修复漏洞,详情请关注厂商主页: https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Reference
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html https://me.sap.com/notes/2067220 https://cxsecurity.com/cveshow/CVE-2023-39436/
Impacted products
Name
['SAP supplier relationship management 600', 'SAP supplier relationship management 602', 'SAP supplier relationship management 603', 'SAP supplier relationship management 604', 'SAP supplier relationship management 605', 'SAP supplier relationship management 606', 'SAP supplier relationship management 616', 'SAP supplier relationship management 617']
Show details on source website

To clipboard 

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2023-39436",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2023-39436"
    }
  },
  "description": "SAP Supplier Relationship Management\uff08SRM\uff09\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f9b\u5e94\u5546\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u5b9e\u73b0\u4e86\u4f01\u4e1a\u5185\u4ee5\u53ca\u4f9b\u5e94\u5546\u4e4b\u95f4\u91c7\u8d2d\u548c\u8d2d\u7f6e\u6d41\u7a0b\u7684\u81ea\u52a8\u5316\uff0c\u5e76\u63d0\u4f9b\u53d1\u7968\u5f00\u5177\u7b49\u529f\u80fd\u3002\n\nSAP Supplier Relationship Management 600\u3001602\u3001603\u3001604\u3001605\u3001606\u3001616\u3001617\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e1a\u52a1\u5408\u4f5c\u4f19\u4f34\u7684\u4f9b\u5e94\u5546\u4e3b\u6570\u636e\u590d\u5236\u529f\u80fd\u4e2d\u53d1\u73b0\u4e0eSRM\u76f8\u5173\u7684\u4fe1\u606f\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8be6\u60c5\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\uff1a\r\nhttps://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2023-65175",
  "openTime": "2023-08-23",
  "patchDescription": "SAP Supplier Relationship Management\uff08SRM\uff09\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u4f9b\u5e94\u5546\u5173\u7cfb\u7ba1\u7406\u89e3\u51b3\u65b9\u6848\u3002\u8be5\u4ea7\u54c1\u5b9e\u73b0\u4e86\u4f01\u4e1a\u5185\u4ee5\u53ca\u4f9b\u5e94\u5546\u4e4b\u95f4\u91c7\u8d2d\u548c\u8d2d\u7f6e\u6d41\u7a0b\u7684\u81ea\u52a8\u5316\uff0c\u5e76\u63d0\u4f9b\u53d1\u7968\u5f00\u5177\u7b49\u529f\u80fd\u3002\r\n\r\nSAP Supplier Relationship Management 600\u3001602\u3001603\u3001604\u3001605\u3001606\u3001616\u3001617\u7248\u672c\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u672a\u7ecf\u6388\u6743\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u5728\u4e1a\u52a1\u5408\u4f5c\u4f19\u4f34\u7684\u4f9b\u5e94\u5546\u4e3b\u6570\u636e\u590d\u5236\u529f\u80fd\u4e2d\u53d1\u73b0\u4e0eSRM\u76f8\u5173\u7684\u4fe1\u606f\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Supplier Relationship Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP supplier relationship management 600",
      "SAP supplier relationship management 602",
      "SAP supplier relationship management 603",
      "SAP supplier relationship management 604",
      "SAP supplier relationship management 605",
      "SAP supplier relationship management 606",
      "SAP supplier relationship management 616",
      "SAP supplier relationship management 617"
    ]
  },
  "referenceLink": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html\r\nhttps://me.sap.com/notes/2067220\r\nhttps://cxsecurity.com/cveshow/CVE-2023-39436/",
  "serverity": "\u4e2d",
  "submitTime": "2023-08-11",
  "title": "SAP Supplier Relationship Management\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.