CVE-2019-0307Missing Encryption of Sensitive Data in SE SAP Solution Manager

CWE-311Missing Encryption of Sensitive Data3 documents3 sources
Severity
2.4LOWNVD
EPSS
6.1%
top 9.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Solution ManagerSAP Solution Manager
Timeline
PublishedJun 12
Latest updateMay 24

Description

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-cf98-qgqh-wq9x: Diagnostics Agent in Solution Manager, version 72022-05-24
CVEList
CVE-2019-0307: Diagnostics Agent in Solution Manager, version 72019-06-12