Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector)
CVE-2023-27497

10CRITICAL

Key Information:

Vendor

SAP
Status
Diagnostics Agent (eventlogservicecollector)
Vendor
CVE Published:
11 April 2023

Badges

đź“° News Worthy

What is CVE-2023-27497?

The SAP Diagnostics Agent, specifically version 720, is vulnerable due to inadequate authentication and input sanitization in its EventLogServiceCollector component. This flaw allows attackers to execute arbitrary scripts on any connected Diagnostics Agents operating on Windows systems. Successful exploitation of this vulnerability can lead to a complete compromise of the system’s confidentiality, integrity, and availability.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Diagnostics Agent (EventLogServiceCollector) 720

News Articles

favicon imageprophaze.com

CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION - Cloud WAF

CVE-2023-27497 : Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent.

References

https://launchpad.support.sap.com/#/notes/3305369
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:
10
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Changed

Timeline

  • đź“°

    First article discovered by prophaze.com

  • Vulnerability published

  • Vulnerability Reserved

JSON
.