Lucene search

[email protected]NVD:CVE-2022-41261

HistoryDec 12, 2022 - 10:15 p.m.

CVE-2022-41261

2022-12-1222:15:10

CWE-284

[email protected]

web.nvd.nist.gov

sap solution manager

diagnostic agent

windows system

sensitive data

configuration file

credentials

unauthorized access

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.

Affected configurations

NVD

Node

microsoftwindowsMatch-

AND

sapsolution_managerMatch7.20

References

launchpad.support.sap.com/#/notes/3265173

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

5.5 Medium

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

0.0004 Low

EPSS

Percentile

9.2%

JSON

Related for NVD:CVE-2022-41261

cve1 prion1 cvelist1