PT-2019-4579 · SAP · SAP Solution Manager
Published 2019-06-12 · Updated 2020-08-24 · CVE-2019-0307
CVSS v2.0: 2.7 (Low)
Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
SAP Solution Manager version 7.2
Description
The issue concerns the Diagnostics Agent in SAP Solution Manager, which stores credentials such as SLD user connection and Solman user communication in the SAP Secure Storage file without encryption by default. An attacker with admin privileges could decode these credentials to gain access to the entire configuration, although no system-sensitive information can be accessed. The vulnerability is related to weaknesses in managing registration data, which could allow a remote attacker to disclose protected information.
Recommendations
For SAP Solution Manager version 7.2, consider enabling encryption for the SAP Secure Storage file to protect stored credentials. As a temporary workaround, restrict access to the Diagnostics Agent to minimize the risk of exploitation. Ensure that only authorized personnel with admin privileges have access to the system to reduce the potential impact.
Missing Encryption of Sensitive Data
Affected products
SAP Solution Manager