PT-2022-2173 · SAP · SAP Solution Manager

Published: 2022-02-08 · Updated: 2022-10-25 · CVE-2022-22544

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Solution Manager version 720

Description

The issue is related to insufficient access control in the SAP Solution Manager Diagnostics (Root Cause Analysis) tool, allowing a remote attacker to elevate their privileges. This can enable an administrator to execute code on all connected Diagnostics Agents and browse files on their systems, potentially leading to control of the managed systems. The impact of unauthorized command execution can result in sensitive information disclosure, loss of system integrity, and denial of service.

Recommendations

For SAP Solution Manager version 720, consider restricting the privileges of the administrator role to minimize the risk of exploitation, and ensure proper segregation of duties to prevent unauthorized access to managed systems.

Fix

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2022-02184
CVE-2022-22544

Affected Products

SAP Solution Manager