Security News > 2019 > July > SAP Patches Critical Flaw in Diagnostics Agent

SAP Patches Critical Flaw in Diagnostics Agent
2019-07-11 12:10

SAP this week released 11 Security Notes as part of the Patch Day – July 2019, one of which was a Hot News Note addressing a Critical vulnerability in Diagnostics Agent. Tracked as CVE-2019-0330 and featuring a CVSS score of 9.1, the bug is an OS command injection that could lead to the compromise of the entire SAP system.  read more


News URL

http://feedproxy.google.com/~r/Securityweek/~3/6ERsxwxPG8c/sap-patches-critical-flaw-diagnostics-agent

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2019-07-10 CVE-2019-0330 Code Injection vulnerability in SAP Diagnostics Agent 7.20
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.1

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 328 25 679 386 113 1203