Description
Simple Diagnostics Agent, versions 1.0 (up to version 1.57), allows an attacker to access information which would otherwise be restricted via a random port in the range 9000-65535. This allows information gathering which could be used to exploit future open-source security exploits.
References
Exploit, Third Party Advisory, VDB Entry
http://seclists.org/fulldisclosure/2022/Jun/40
Exploit, Mailing List, Third Party Advisory
https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10
Vendor Advisory
https://launchpad.support.sap.com/#/notes/3147102
Permissions Required, Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.5 · High
Information
Source identifier
Vulnerability status
Analyzed
Published
2022-03-10T17:45:25.927
3 years ago
Last modified
2022-10-28T19:35:53.047
2 years ago