CVE-2023-26458
Last modified
CVE-2023-26458 is a high-severity vulnerability rated 8.7/10 on the CVSS scale. An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system. . EPSS estimates a 0.56% chance of exploitation in the next 30 days.
Description
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
Metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Sap | Landscape Management | 3.0 |
References
- https://launchpad.support.sap.com/#/notes/3312733Permissions Required
- https://launchpad.support.sap.com/#/notes/3312733Permissions Required
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-26458?
How severe is CVE-2023-26458?
How do I fix CVE-2023-26458?
Are you affected by CVE-2023-26458?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST