CVE-2023-36919 MEDIUM

CVE-2023-36919: Information Disclosure in SAP Enable Now

Vendor SAP SE
Product SAP Enable Now
Weakness CWE-213
Published July 11, 2023
Last update November 12, 2024

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01 Description

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.

Key dates

02 Disclosure timeline

July 11, 2023 CVE published
November 12, 2024 Record updated