Vulnerabilities > CVE-2023-36925 - Server-Side Request Forgery (SSRF) vulnerability in SAP Solution Manager 7.20

047910
CVSS 7.2 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
LOW
network
low complexity
sap
CWE-918

Summary

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application and other applications the Diagnostics Agent can reach.

Vulnerable Configurations

Part Description Count
Application
Sap
1

Common Weakness Enumeration (CWE)