Header Injection in SAP Solution Manager (Diagnostic Agent)
CVE-2023-36921
7.2HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 11 July 2023
What is CVE-2023-36921?
The SAP Solution Manager's Diagnostics Agent in version 7.20 contains a vulnerability that allows an attacker to manipulate headers in a client request. This manipulation can lead the SAP Diagnostics Agent to serve incorrect or malicious content to the server. If exploited, the attacker may compromise the confidentiality and availability of the application, posing significant risks to data integrity and operational effectiveness.
Affected Version(s)
SAP Solution Manager (Diagnostic Agent) 7.20