Command Injection vulnerability in SAP Solution Manager
CVE-2023-49587

6.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Solution Manager
Vendor: CVE Published:; 12 December 2023

What is CVE-2023-49587?

SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.

Affected Version(s)

SAP Solution Manager 720

References

https://me.sap.com/notes/3395306

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-...

CVSS V3.1

Score:

6.4

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 12, 2023
Vulnerability Reserved
Nov 27, 2023