PT-2023-20651 · Sap+1 · Sap Landscape Management+2

Published 2023-04-11 · Updated 2023-04-14 · CVE-2023-26458

CVSS v3.1: 8.7 High

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions: SAP Landscape Management version 3.0, enterprise edition

Description: An information disclosure issue exists, allowing authenticated SAP Landscape Management users to obtain privileged access to other systems. This makes those systems vulnerable to information disclosure and modification. The disclosed information is related to Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system. Authenticated SAP Landscape Management users can access this information and escalate their privileges to the SAP Solution Manager system.

Recommendations: For SAP Landscape Management version 3.0, enterprise edition, consider restricting access to the Diagnostics Agent Connection via Java SCS Message Server to prevent privilege escalation until a fix is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Exposure of Resource to Wrong Sphere

Related Identifiers

CVE-2023-26458

Affected Products

Java
Sap Landscape Management
Sap Solution Manager