Weak password requirements in SAP Commerce - CVE-2023-39439
Published: August 9, 2023
Vulnerability identifier: #VU79267
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-39439
CWE-ID: CWE-521
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: SAP
Affected software:
SAP Commerce
SAP Commerce
Detailed vulnerability description
The vulnerability allows an attacker to perform a brute-force attack.
The vulnerability exists due to application accepts empty passwords. An attacker can trick the victim into setting an empty password for their account and gain unauthorized access to the application.
How to mitigate CVE-2023-39439
Install updates from vendor's website.