Strix
26.1K

CVE-2023-36919

MEDIUMCVSS 5.3/10EPSS 0.40%

Last modified

CVE-2023-36919 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.. EPSS estimates a 0.40% chance of exploitation in the next 30 days.

Description

In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.

Metrics

CVSS 3.1
5.3/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Probability
0.40%

32.2th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
SapEnable NowAll versions

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2023-36919?
In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.
How severe is CVE-2023-36919?
CVE-2023-36919 has a CVSS score of 5.3/10 (MEDIUM severity). The EPSS model estimates a 0.40% probability of exploitation in the next 30 days.
How do I fix CVE-2023-36919?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-36919?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST