Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector)
CVE-2023-27497

9.8CRITICAL

Key Information:

Vendor: SAP
Status: Diagnostics Agent (EventLogServiceCollector)
Vendor: CVE Published:; 11 April 2023

Badges

📰 News Worthy

Summary

The SAP Diagnostics Agent, specifically version 720, is vulnerable due to inadequate authentication and input sanitization in its EventLogServiceCollector component. This flaw allows attackers to execute arbitrary scripts on any connected Diagnostics Agents operating on Windows systems. Successful exploitation of this vulnerability can lead to a complete compromise of the system’s confidentiality, integrity, and availability.

Affected Version(s)

Diagnostics Agent (EventLogServiceCollector) 720

News Articles

prophaze.com

CVE-2023-27497

CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION - Cloud WAF

CVE-2023-27497 : Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent.

6 months ago

References

https://launchpad.support.sap.com/#/notes/3305369

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by prophaze.com
Jul 30, 2024
Vulnerability published
Apr 11, 2023
Vulnerability Reserved
Mar 2, 2023

Key Information:

Badges

Summary

Affected Version(s)

Get notified when SecurityVulnerability.io launches alerting 🔔

News Articles

CVE-2023-27497 : SAP DIAGNOSTICS AGENT 720 ON WINDOWS EVENTLOGSERVICECOLLECTOR MISSING AUTHENTICATION - Cloud WAF

References

CVSS V3.1

Timeline