Lucene search

K
cve[email protected]CVE-2023-36921
HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-36921

2023-07-1103:15:10
CWE-644
CWE-116
web.nvd.nist.gov
16
sap
solution manager
diagnostics agent
cve-2023-36921
header tampering
server impact
confidentiality
availability

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.8%

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

Affected configurations

NVD
Node
sapsolution_managerMatch7.20

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Solution Manager (Diagnostic Agent)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.20"
      }
    ]
  }
]

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

6.8 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

28.8%

Related for CVE-2023-36921