Lucene search

[email protected]CVE-2023-36921

HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-36921

2023-07-1103:15:10

CWE-116

CWE-644

[email protected]

web.nvd.nist.gov

sap

solution manager

diagnostics agent

cve-2023-36921

header tampering

server impact

confidentiality

availability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

Affected configurations

NVD

Node

sapsolution_managerMatch7.20

CPENameOperatorVersion
sap:solution_managersap solution managereq7.20

CPE	Name	Operator	Version
sap:solution_manager	sap solution manager	eq	7.20

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Solution Manager (Diagnostic Agent)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.20"
      }
    ]
  }
]

References

me.sap.com/notes/3348145

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for CVE-2023-36921

prion1 cvelist1 nvd1