CVE-2019-0330

Name of the Vulnerable Software and Affected Versions SAP Diagnostic Agent version 7.2

Description The issue exists due to the failure to neutralize special elements used in the operating system command. This allows a remote attacker to inject code that can be executed by the application, potentially controlling the application's behavior. The vulnerability is related to the OS Command Plugin in the transaction GPA ADMIN and the OSCommand Console of the SAP Diagnostic Agent.

Recommendations For SAP Diagnostic Agent version 7.2, update to a version that includes a fix for this issue to prevent code injection and potential control of the application's behavior. As a temporary workaround, consider restricting access to the OSCommand Console and the GPA ADMIN transaction to minimize the risk of exploitation.