PT-2023-21172 · Sap · Sap Diagnostic Agent

Published: 2023-04-11 · Updated: 2023-04-18 · CVE-2023-27497

CVSS v3.1: 10.0 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: SAP Diagnostics Agent version 720

Description: The EventLogServiceCollector of SAP Diagnostics Agent lacks authentication and does not sanitize its input, allowing an attacker to execute malicious scripts on all connected Diagnostics Agents running on Windows. Successful exploitation can completely compromise the confidentiality, integrity, and availability of the system.

Recommendations: For SAP Diagnostics Agent version 720, consider disabling the EventLogServiceCollector until a patch is available to prevent exploitation. Restrict access to the Diagnostics Agents to minimize the risk of malicious script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration: Missing Authentication

Related Identifiers: CVE-2023-27497

Affected Products: SAP Diagnostics Agent