Lucene search

SapCVELIST:CVE-2023-49587

HistoryDec 12, 2023 - 1:35 a.m.

CVE-2023-49587 Command Injection vulnerability in SAP Solution Manager

2023-12-1201:35:53

CWE-77

sap

www.cve.org

sap

solution manager

command injection

vulnerability

network

data modification

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Solution Manager",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "720"
      }
    ]
  }
]

References

me.sap.com/notes/3395306

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

6.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

12.8%

JSON

Related for CVELIST:CVE-2023-49587