Description
The application Problem Context Manager in SAP Solution Manager does not perform the necessary XML validation, allowing an attacker:
- To consume large amounts of memory, causing the system to crash
- Minor loss of confidentiality
Available fix and Supported packages
- LM-SERVICE | 7.20 | 7.20
- SOLMANDIAG 720 | SP003 | 000007
- SOLMANDIAG 720 | SP004 | 000016
- SOLMANDIAG 720 | SP005 | 000017
- SOLMANDIAG 720 | SP006 | 000018
- SOLMANDIAG 720 | SP007 | 000024
- SOLMANDIAG 720 | SP008 | 000020
- SOLMANDIAG 720 | SP009 | 000012
- SOLMANDIAG 720 | SP010 | 000006
- SOLMANDIAG 720 | SP011 | 000001
Affected component
- SV-SMG-MON-ALR-PRA
Metric / Event Provider in Diagnostics Agent
CVSS
Score: 8.2
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2931391