SAP Commerce accepts empty passphrases.
CVE-2023-39439

8.8HIGH

Key Information:

Vendor: SAP
Status: SAP Commerce
Vendor: CVE Published:; 8 August 2023

What is CVE-2023-39439?

SAP Commerce Cloud contains a vulnerability that allows users to bypass passphrase security during login. The system may accept an empty passphrase for user ID and passphrase authentication, enabling unauthorized access. This could lead to potential compromises of sensitive data and overall system integrity. Organizations are advised to apply the necessary patches to mitigate this vulnerability and safeguard their systems.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Commerce HY_COM 2105

SAP Commerce HY_COM 2205

SAP Commerce COM_CLOUD 2211

References

https://me.sap.com/notes/3346500

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Aug 8, 2023
Vulnerability Reserved
Aug 1, 2023

JSON

SAP

What is CVE-2023-39439?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.