CVE-2019-0330

CWE-94 — Code Injection3 documents3 sources

Severity

9.1CRITICAL

EPSS

0.8%

top 26.42%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Diagnostic Agent (lm-service)SAP Diagnostics Agent

Timeline

PublishedJul 10

Latest updateMay 24

Description

The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages2 packages

▶CVEListV5sap_se/sap_diagnostic_agent_(lm-service)< 7.20

▶NVDsap/diagnostics_agent7.20

🔴Vulnerability Details

GHSA

GHSA-w7v3-vgf4-xqcc: The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7↗2022-05-24

▶

CVEList

CVE-2019-0330: The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7↗2019-07-10

▶