CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 36.2%

CVSS Severity

CVSS v3 Score 6.8

References

https://launchpad.support.sap.com/#/notes/3312733
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html
https://launchpad.support.sap.com/#/notes/3312733
https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Products affected by CVE-2023-26458

Sap » Landscape Management » Version: 3.0

cpe:2.3:a:sap:landscape_management:3.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-26458

Products

Pricing

Contact Us