CVE-2023-36919

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jul 11, 2023

Updated: Jul 18, 2023

CWE ID 116

CWE ID 644

Summary

CVE-2023-36919 is a vulnerability affecting SAP Enable Now in versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704. This issue arises due to the lack of implementation of the Referrer-Policy response header, exposing referrer details to unauthenticated attackers. The disclosure of such information can potentially be used to track user activities or gain unauthorized access, posing a significant risk to data privacy and security.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/r8zBYQ
https://www.cve.org/CVERecord?id=CVE-2023-36919
https://nvd.nist.gov/vuln/detail/CVE-2023-36919

Back to Vulnerability Database

CVE-2023-36919

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations