PT-2023-4245 · SAP · SAP Supplier Relationship Management

Published: 2023-08-01 · Updated: 2024-09-28 · CVE-2023-39436

CVSS v3.1: 5.8 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions

SAP Supplier Relationship Management versions 600 through 617

Description

The issue is related to insufficient protection of service data in the SAP Supplier Relationship Management application, specifically in the function for copying basic data of suppliers for business partners. This could allow a remote attacker to gain unauthorized access to protected information. The vulnerability may enable an attacker to discover information related to SRM within Vendor Master Data for Business Partners replication functionality, which could be used to specialize attacks against SRM.

Recommendations

For versions 600 through 617, update to a version that includes the fix for this issue to prevent unauthorized access to sensitive information. As a temporary workaround, consider restricting access to the Vendor Master Data for Business Partners replication functionality until a patch is available.

Fix

Missing Authentication

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2023-04560
CVE-2023-39436

Affected Products

SAP Supplier Relationship Management