Lucene search

SapCVELIST:CVE-2022-41261

HistoryDec 12, 2022 - 9:24 p.m.

CVE-2022-41261

2022-12-1221:24:53

CWE-284

sap

www.cve.org

sap solution manager

authenticated attacker

sensitive data

windows system

configuration file

credentials

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

12.8%

JSON

SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Solution Manager (Diagnostic Agent)",
    "vendor": "SAP",
    "versions": [
      {
        "status": "affected",
        "version": "7.20"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/3265173

www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

12.8%

JSON

Related for CVELIST:CVE-2022-41261