CRITICAL🇵🇱 Wersja polska

CVE-2022-22544

CVSS 9.1v3.1pub. 2022-02-09upd. 2024-11-21

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty for the SAP Solution Manager administrator. Impacts of unauthorized execution of commands can lead to sensitive information disclosure, loss of system integrity and denial of service.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
  • Sap Solution Manager

    APP
    Sap
    7.20
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
DoS
CWE
References

Related vulnerabilities

CVE-2020-6207CRITICAL9.8⚠ KEVten sam produkt

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not ...

CVE-2020-26837CRITICAL9.1ten sam produkt

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a...

CVE-2020-26823CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...

CVE-2020-26821CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...

CVE-2020-26822CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...