Vulnerabilities > SAP > Diagnostics Agent

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2023-27267 Unspecified vulnerability in SAP Diagnostics Agent 720
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents.
network
high complexity
sap
8.1
2023-04-11 CVE-2023-27497 Unspecified vulnerability in SAP Diagnostics Agent 720
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows.
network
low complexity
sap
critical
9.8
2019-11-13 CVE-2019-0390 Information Exposure vulnerability in SAP Diagnostics Agent 7.2
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted.
network
low complexity
sap CWE-200
4.3
2019-07-10 CVE-2019-0330 Code Injection vulnerability in SAP Diagnostics Agent 7.20
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application.
network
low complexity
sap CWE-94
critical
9.1