CVE-2023-27267
- EPSS 7.3%
- Published 11.04.2023 03:15:07
- Last modified 21.11.2024 07:52:33
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful e...
CVE-2023-27497
- EPSS 0.25%
- Published 11.04.2023 03:15:07
- Last modified 21.11.2024 07:53:01
Due to missing authentication and input sanitization of code the EventLogServiceCollector of SAP Diagnostics Agent - version 720, allows an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. On successful ex...
CVE-2019-0390
- EPSS 0.3%
- Published 13.11.2019 22:15:11
- Last modified 21.11.2024 04:16:47
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users.
CVE-2019-0330
- EPSS 0.97%
- Published 10.07.2019 20:15:12
- Last modified 21.11.2024 04:16:41
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior o...