Lucene search

SapCVELIST:CVE-2023-36921

HistoryJul 11, 2023 - 2:56 a.m.

CVE-2023-36921 Header Injection in SAP Solution Manager (Diagnostic Agent)

2023-07-1102:56:06

CWE-644

sap

www.cve.org

sap solution manager

diagnostics agent

header injection

poisoned content

confidentiality impact

availability impact

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

29.0%

JSON

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Solution Manager (Diagnostic Agent)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.20"
      }
    ]
  }
]

References

me.sap.com/notes/3348145

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

29.0%

JSON

Related for CVELIST:CVE-2023-36921