CVE-2022-24396

7.8HIGH

Key Information:

Vendor: SAP
Status: SAP Focused Run (simple Diagnostics Agent)
Vendor: CVE Published:; 10 March 2022

Summary

The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.

Affected Version(s)

SAP Focused Run (Simple Diagnostics Agent) < >= 1.0 < 1.0

SAP Focused Run (Simple Diagnostics Agent) < 1.58 < 1.58

References

https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/3145987

x_refsource_MISC

http://seclists.org/fulldisclosure/2022/Jun/38

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Mar 10, 2022
Vulnerability Reserved
Feb 3, 2022

.