Header Injection in SAP Solution Manager (Diagnostic Agent)
CVE-2023-36921

7.2HIGH

Key Information:

Vendor: SAP
Status: SAP Solution Manager (diagnostic Agent)
Vendor: CVE Published:; 11 July 2023

What is CVE-2023-36921?

The SAP Solution Manager's Diagnostics Agent in version 7.20 contains a vulnerability that allows an attacker to manipulate headers in a client request. This manipulation can lead the SAP Diagnostics Agent to serve incorrect or malicious content to the server. If exploited, the attacker may compromise the confidentiality and availability of the application, posing significant risks to data integrity and operational effectiveness.

Affected Version(s)

SAP Solution Manager (Diagnostic Agent) 7.20

References

https://me.sap.com/notes/3348145

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

7.2

Severity:

HIGH

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 11, 2023
Vulnerability Reserved
Jun 27, 2023