Lucene search

PRIOn knowledge basePRION:CVE-2023-26458

HistoryApr 11, 2023 - 3:15 a.m.

Information disclosure

2023-04-1103:15:00

PRIOn knowledge base

www.prio-n.com

sap

landscape management

version 3.0

enterprise edition

information disclosure

vulnerability

authenticated users

privileged access

diagnostics agent connection

java scs message server

sap solution manager

escalate privileges

8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

JSON

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

CPENameOperatorVersion
landscape_managementeq3.0

CPE	Name	Operator	Version
	landscape_management	eq	3.0

References

launchpad.support.sap.com/

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html