CVE-2023-36919

Name of the Vulnerable Software and Affected Versions SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704

Description The issue is related to the lack of implementation of the Referrer-Policy response header in SAP Enable Now, allowing an unauthenticated attacker to obtain referrer details. This results in information disclosure. The vulnerability is associated with insufficient processing of HTTP requests, which can be exploited by a remote attacker to bypass existing security restrictions and disclose protected information using the HTTP referer header.

Recommendations For SAP Enable Now versions WPB MANAGER 1.0, WPB MANAGER CE 10, WPB MANAGER HANA 10, ENABLE NOW CONSUMP DEL 1704, consider implementing the Referrer-Policy response header to prevent information disclosure. As a temporary workaround, restrict access to sensitive information that could be disclosed through referrer details until a patch is available.