Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent)
CVE-2023-36925
7.2 HIGH
Key Information:
- Vendor: SAP
- CVE Published: 11 July 2023
What is CVE-2023-36925?
A blind server-side request forgery (SSRF) vulnerability in the SAP Solution Manager Diagnostics agent, version 7.20, allows unauthenticated attackers to execute HTTP requests. This can lead to unauthorized commands being run against the system, potentially compromising the confidentiality and availability of the affected application and any connected systems that the Diagnostics agent has access to. Organizations using this product should be aware of the risks involved and implement necessary security measures to protect against unauthorized access.
Affected Version(s)
SAP Solution Manager (Diagnostics agent) 7.20