CVE-2023-26458

CWE-668Exposure to Wrong Sphere3 documents3 sources
Severity
8.7HIGH
EPSS
0.2%
top 56.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Landscape Management
Timeline
PublishedApr 11

Description

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:NExploitability: 2.3 | Impact: 4.0

Affected Packages2 packages

🔴Vulnerability Details

2
CVEList
Information Disclosure vulnerability in SAP Landscape Management2023-04-11
GHSA
GHSA-29qc-f8cr-rmg5: An information disclosure vulnerability exists in SAP Landscape Management - version 32023-04-11
CVE-2023-26458 (HIGH CVSS 8.7) | An information disclosure vulnerabi | cvebase.io