Description
The Diagnostics Agent does not perform the authentication check for the functionalities of the Collector Simulator.
Some well-known impacts of Missing Authentication check are –
- read sensitive information
- access administrative or other privileged functionalities
Available fix and Supported packages
- LM-SERVICE | 7.20 | 7.20
- SOLMANDIAG 720 | SP004 | 000014
- SOLMANDIAG 720 | SP005 | 000015
- SOLMANDIAG 720 | SP006 | 000016
- SOLMANDIAG 720 | SP007 | 000022
- SOLMANDIAG 720 | SP008 | 000018
- SOLMANDIAG 720 | SP009 | 000010
- SOLMANDIAG 720 | SP010 | 000004
Affected component
- SV-SMG-ADM-CNT
Guided Procedure Content Repository
CVSS
Score: 8.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2906994