CVE-2023-27267

Name of the Vulnerable Software and Affected Versions SAP Diagnostics Agent version 720

Description The issue is related to missing authentication and insufficient input validation in the OSCommand Bridge of the SAP Diagnostics Agent. This allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents, potentially compromising confidentiality, integrity, and availability of the system.

Recommendations For SAP Diagnostics Agent version 720, consider disabling the OSCommand Bridge function until a patch is available to prevent exploitation. Restrict access to the Diagnostics Agent to minimize the risk of unauthorized script execution. At the moment, there is no information about a newer version that contains a fix for this vulnerability.