Lucene search

K
nvd[email protected]NVD:CVE-2023-36921
HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-36921

2023-07-1103:15:10
CWE-644
CWE-116
web.nvd.nist.gov
1
sap solution manager
client request headers
confidentiality
availability
exploitation

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

29.0%

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

Affected configurations

NVD
Node
sapsolution_managerMatch7.20

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

0.001 Low

EPSS

Percentile

29.0%

Related for NVD:CVE-2023-36921