Sensitive Data Exposure in SAP Solution Manager (Diagnostic Agent)
CVE-2022-41261

6MEDIUM

Key Information:

Vendor
SAP
Status
Solution Manager (diagnostic Agent)
Vendor
CVE Published:
12 December 2022

Summary

SAP Solution Manager's Diagnostic Agent version 7.20 has a vulnerability that allows authenticated attackers on Windows systems to access sensitive files. This exploit could lead to unauthorized access to configuration files containing crucial credentials, potentially allowing malicious actors to access other system files and resources they should not have permission to see.

Affected Version(s)

Solution Manager (Diagnostic Agent) 7.20

References

https://launchpad.support.sap.com/#/notes/3265173
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:
6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.