PT-2023-4099 · SAP · SAP Solution Manager

Published 2023-07-11 · Updated 2023-07-27 · CVE-2023-36921

CVSS v3.1: 7.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L
Name of the vulnerable software and affected versions: SAP Solution Manager (Diagnostics agent) version 7.20

Description: The issue stems from the lack of an output encoding or escaping mechanism in the SAP Solution Manager (Diagnostics agent) platform. A remote attacker can exploit it to conduct a cross-site scripting (XSS) attack: by tampering with headers in a client request, the attacker misleads the SAP Diagnostics Agent into serving poisoned content to the server, which can impact the confidentiality and availability of the application.

Recommendations: For SAP Solution Manager (Diagnostics agent) version 7.20, update the software to a version that includes a fix for the output encoding or escaping issue, which prevents cross-site scripting (XSS) attacks.
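The weakness class named above (reflecting a request header into a response without output encoding) and its fix are illustrated by the following added example. It is not SAP's code and says nothing about how the Diagnostics Agent itself handles headers: `render_unescaped`, `render_escaped` and `render_attribute_escaped` are hypothetical handlers, and `TAMPERED_HEADER` is a constructed sample value. The example shows that a header value concatenated straight into HTML becomes a second, attacker-controlled element, while the same value passed through context-appropriate escaping is rendered as inert text.

```python
"""Added example (not from the advisory or from SAP): reflected request
header without output encoding, beside the escaped form that fixes it."""
import html
from html.parser import HTMLParser

# Constructed sample header value containing HTML metacharacters.
TAMPERED_HEADER = '<img src=x onerror="alert(1)">'


def render_unescaped(header_value: str) -> str:
    """Vulnerable pattern: the header is concatenated into HTML as-is."""
    return f"<p>Client: {header_value}</p>"


def render_escaped(header_value: str) -> str:
    """Hardened pattern for the HTML text context: escape before emitting."""
    return f"<p>Client: {html.escape(header_value, quote=True)}</p>"


def render_attribute_escaped(header_value: str) -> str:
    """Hardened pattern for an attribute context: quote=True also escapes
    quotes so the value cannot terminate the attribute early."""
    return f'<p data-client="{html.escape(header_value, quote=True)}">Client</p>'


class _TagCollector(HTMLParser):
    """Collects start tags, so we can count how many elements the browser
    would actually create from a rendered response."""

    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []

    def handle_starttag(self, tag, attrs) -> None:
        self.tags.append(tag)


def tags_in(rendered: str) -> list[str]:
    """Return the element names a parser sees in the rendered HTML."""
    collector = _TagCollector()
    collector.feed(rendered)
    return collector.tags


def reflected_unsafely(rendered: str, header_value: str) -> bool:
    """Simple check usable in a test or a response filter: the raw header
    value must never appear verbatim in HTML output."""
    return header_value in rendered


if __name__ == "__main__":
    for name, fn in (("unescaped", render_unescaped),
                     ("escaped", render_escaped),
                     ("attribute", render_attribute_escaped)):
        out = fn(TAMPERED_HEADER)
        print(f"{name:10s} tags={tags_in(out)} raw_reflection={reflected_unsafely(out, TAMPERED_HEADER)}")
```

Run on the sample value, the unescaped handler yields two elements (`p` and the injected `img`), while both escaped handlers yield only the intended `p`; `reflected_unsafely` is a cheap assertion to keep in a handler's test suite so that a regression reintroducing raw reflection is caught before release.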

Fix

Improper Encoding or Escaping of Output

Weakness Enumeration

Related Identifiers

BDU:2023-04407
CVE-2023-36921

Affected Products

Sap Solution Manager