Vulnerabilities > CVE-2023-26458 - Unspecified vulnerability in SAP Landscape Management 3.0

047910
CVSS 8.7 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
NONE
network
low complexity
sap

Summary

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

Vulnerable Configurations

Part Description Count
Application
Sap
1