Weak password requirements in SAP Commerce - CVE-2023-39439


Published: August 9, 2023


Vulnerability identifier: #VU79267
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-39439
CWE-ID: CWE-521
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: SAP
Affected software:
SAP Commerce

Detailed vulnerability description

The vulnerability allows an attacker to perform a brute-force attack.

The vulnerability exists because the application accepts empty passwords. An attacker can trick a victim into setting an empty password for their account and then gain unauthorized access to the application.
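The defect class above (CWE-521, an empty password being accepted on a password-change path) shown as an added illustration in Python; this is constructed example code, not SAP Commerce's implementation, and the minimum length and the in-memory account dict are assumptions.

```python
# Added example (not SAP Commerce code): a password-change handler with the
# CWE-521 defect described in CVE-2023-39439 beside a hardened version.
# MIN_LENGTH and the dict-based account are assumed for illustration only.
import unicodedata
from typing import List, Optional

MIN_LENGTH = 12  # assumed policy value, not taken from the advisory


def weak_set_password(account: dict, new_password: Optional[str]) -> bool:
    """Vulnerable pattern: only a missing field is rejected, so '' is stored."""
    if new_password is None:
        return False
    account["password"] = new_password
    return True


def validate_password(username: str, candidate: Optional[str]) -> List[str]:
    """Return policy violations; an empty list means the password is acceptable."""
    problems: List[str] = []
    # str.strip() removes Unicode whitespace too, so "\u3000" or "\u00a0" alone
    # is treated as empty rather than as a one-character password.
    if candidate is None or candidate.strip() == "":
        problems.append("empty")
        return problems
    normalised = unicodedata.normalize("NFKC", candidate)
    if len(normalised) < MIN_LENGTH:
        problems.append("too_short")
    if username and username.lower() in normalised.lower():
        problems.append("contains_username")
    return problems


def hardened_set_password(account: dict, new_password: Optional[str]) -> bool:
    """Every password-setting path (self-service change, reset, admin, API)
    should call the same validator so no path can store an empty value."""
    if validate_password(account.get("username", ""), new_password):
        return False
    account["password"] = new_password
    return True
```

Detection-wise, the same validator is the place to log rejected attempts so that repeated empty or trivial submissions against one account stand out in review.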


How to mitigate CVE-2023-39439

Install updates from vendor's website.

Sources