Last Modified: April 14, 2023
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
Tweets last week: 0
Remaining steady
Yahoo results: 0
Remaining steady
Current EPSS Score: 0.0005
Remaining steady
Reddit Posts: 0
Remaining steady
Github Repos: 0
Remaining steady
Found exploits:
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: None
Base Score: 8.7
Exploitability Score:
2.3
Impact Score: 5.8
CVSS V3: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
CWE-668
| Condition | Configuration | |
|---|---|---|
| OR | ||
| OR | ||
| cpe:2.3:a:sap:landscape_management:3.0:*:*:*:enterprise:*:*:* Part: a Vendor: sap | Alle Schwachstellen für sap | |
Base Score V3:
Not defined
Exploitability Score V3:
Not defined
Impact Score V3:
Not defined
Cvss Vector V3:
Not defined
Configuration:
added:
cpe:2.3:a:sap:landscape_management:3.0:*:*:*:enterprise:*:*:*
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:sap:landscape_management:3.0:*:*:*:enterprise:*:*:*"/>
</set>
</set>
<?xml version="1.0" ?>
<set operator="and">
<set operator="or">
<prop key="application" value="cpe:2.3:a:sap:landscape_management:3.0:*:*:*:enterprise:*:*:*"/>
</set>
<prop key="program_influence" value="input"/>
</set>