Lucene search

SapCVE-2022-41261

HistoryDec 12, 2022 - 10:15 p.m.

CVE-2022-41261

2022-12-1222:15:10

CWE-284

sap

web.nvd.nist.gov

sap

solution manager

diagnostic agent

cve-2022-41261

windows

authentication

sensitive data

file access

system exploitation

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

12.8%

JSON

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.

Affected configurations

Nvd

Node

microsoftwindowsMatch-

AND

sapsolution_managerMatch7.20

VendorProductVersionCPE
microsoftwindows-cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
sapsolution_manager7.20cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	windows	-	cpe:2.3:o:microsoft:windows:-:::::::*
sap	solution_manager	7.20	cpe:2.3:a:sap:solution_manager:7.20:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Solution Manager (Diagnostic Agent)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "7.20"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3265173

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

5.4

Confidence

High

EPSS

Percentile

12.8%

JSON

Related for CVE-2022-41261