Description
Solution Manager 7.2 Diagnostics Agent stores several credentials unencrypted, such as SLD user connection as well as Solman user communication. This is only accessible by the Diagnostic Agent user (<SID>adm).
Some well-known impacts of Information Disclosure are –
- loss of information and system configuration confidentiality
- information gathering for further exploits and attacks
Available fix and Supported packages
- LM-SERVICE | 7.20 | 7.20
- SOLMANDIAG 720 | SP009 | 000000
Affected component
- SV-SMG-DIA-SRV-AGT
Agent Framework
CVSS
Score: 3.4
CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2772266