CVE-2023-36925

Name of the Vulnerable Software and Affected Versions SAP Solution Manager (Diagnostics agent) version 7.20

Description The issue is related to insufficient validation of incoming requests, allowing an unauthenticated attacker to execute HTTP requests blindly. Successful exploitation can lead to a limited impact on the confidentiality and availability of the application and other applications that the Diagnostics Agent can access.

Recommendations For SAP Solution Manager (Diagnostics agent) version 7.20, consider restricting access to the Diagnostics Agent to minimize the risk of exploitation until a patch is available. As a temporary workaround, disabling the ability to execute HTTP requests blindly may help mitigate the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.