Lucene search

SapCVE-2023-36921

HistoryJul 11, 2023 - 3:15 a.m.

CVE-2023-36921

2023-07-1103:15:10

CWE-116

CWE-644

sap

web.nvd.nist.gov

sap

solution manager

diagnostics agent

cve-2023-36921

header tampering

server impact

confidentiality

availability

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

Affected configurations

Nvd

Node

sapsolution_managerMatch7.20

VendorProductVersionCPE
sapsolution_manager7.20cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	solution_manager	7.20	cpe:2.3:a:sap:solution_manager:7.20:::::::*

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "SAP Solution Manager (Diagnostic Agent)",
    "vendor": "SAP_SE",
    "versions": [
      {
        "status": "affected",
        "version": "7.20"
      }
    ]
  }
]

References

me.sap.com/notes/3348145

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

AI Score

6.8

Confidence

High

EPSS

0.001

Percentile

34.5%

JSON

Related for CVE-2023-36921