Vulnerabilities > SAP > Diagnostics Agent

Date: 2023-04-11
CVE: CVE-2023-27267
Title: Missing Authentication for Critical Function vulnerability in SAP Diagnostics Agent 720
Description: Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents.
Attack vector: network
Complexity: high
Vendor: sap
Weakness: CWE-306
Risk: 8.1

Date: 2023-04-11
CVE: CVE-2023-27497
Title: Missing Authentication for Critical Function vulnerability in SAP Diagnostics Agent 720
Description: Due to missing authentication and input sanitization of code, the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows.
Attack vector: network
Complexity: low
Vendor: sap
Weakness: CWE-306
Risk: 9.8 (critical)

Date: 2019-11-13
CVE: CVE-2019-0390
Title: Information Exposure vulnerability in SAP Diagnostics Agent 7.2
Description: Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted.
Attack vector: network
Complexity: low
Vendor: sap
Weakness: CWE-200
Risk: 4.3

Date: 2019-07-10
CVE: CVE-2019-0330
Title: Code Injection vulnerability in SAP Diagnostics Agent 7.20
Description: The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application.
Attack vector: network
Complexity: low
Vendor: sap
Weakness: CWE-94
Risk: 9.1 (critical)