SAP Diagnostics Agent
By the Year
In 2024 there have been 0 vulnerabilities in SAP Diagnostics Agent . Last year Diagnostics Agent had 1 security vulnerability published. Right now, Diagnostics Agent is on track to have less security vulnerabilities in 2024 than it did last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2024 | 0 | 0.00 |
| 2023 | 1 | 8.10 |
| 2022 | 0 | 0.00 |
| 2021 | 0 | 0.00 |
| 2020 | 0 | 0.00 |
| 2019 | 2 | 6.70 |
| 2018 | 0 | 0.00 |
It may take a day or so for new Diagnostics Agent vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent SAP Diagnostics Agent Security Vulnerabilities
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720
CVE-2023-27267
8.1 - High
- April 11, 2023
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.
Missing Authentication for Critical Function
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2)
CVE-2019-0390
4.3 - Medium
- November 13, 2019
Under certain conditions SAP Data Hub (corrected in DH_Foundation version 2) allows an attacker to access information which would otherwise be restricted. Connection details that are maintained in Connection Manager are visible to users.
Information Disclosure
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code
CVE-2019-0330
9.1 - Critical
- July 10, 2019
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Code Injection
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for SAP Diagnostics Agent or by SAP? Click the Watch button to subscribe.
