HIGH🇬🇧 English

CVE-2023-36921

CVSS 7.2v3.1pub. 2023-07-11upd. 2024-11-21

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
  • Sap Solution Manager

    APP
    Sap
    7.20
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2020-6207CRITICAL9.8⚠ KEVten sam produkt

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not ...

CVE-2022-22544CRITICAL9.1ten sam produkt

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute cod...

CVE-2020-26837CRITICAL9.1ten sam produkt

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a...

CVE-2020-26823CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...

CVE-2020-26821CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...