Design/Logic Flaw

2022-03-1017:45:00

PRIOn knowledge base

www.prio-n.com

7.3 High

AI Score

Confidence

High

0.025 Low

EPSS

Percentile

90.3%

JSON

Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits.

CPENameOperatorVersion
simple_diagnostics_agentge1.0
simple_diagnostics_agentlt1.58

CPE	Name	Operator	Version
	simple_diagnostics_agent	ge	1.0
	simple_diagnostics_agent	lt	1.58

References

packetstormsecurity.com/files/167562/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Information-Disclosure.html

seclists.org/fulldisclosure/2022/Jun/40

dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10

launchpad.support.sap.com/