PT-2022-6135 · Microsoft+1 · Windows+1

Published: 2022-12-12 · Updated: 2023-07-10 · CVE-2022-41261

CVSS v3.1: 6.0 (Medium)

Vector: AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Solution Manager (Diagnostic Agent) version 7.20

Description

The issue allows an authenticated attacker on a Windows system to access a file containing sensitive data, which can be used to access a configuration file containing credentials to access other system files. Successful exploitation can grant the attacker access to files and systems for which they are not authorized. The vulnerability is related to insufficient access control in the Diagnostic Agent tool of the SAP Solution Manager platform.

Recommendations

For SAP Solution Manager (Diagnostic Agent) version 7.20, consider restricting access to sensitive files and configuration files as a temporary workaround until a patch is available. Additionally, review and enforce strict access controls to prevent unauthorized access to system files and credentials. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Improper Access Control

Related Identifiers

BDU:2023-00151
CVE-2022-41261

Affected Products

SAP Solution Manager
Windows