SAP Solution Manager 7.20 Diagnostic Agent Header Tampering (CVE-2023-36921)
CVE-2023-36921 Published on July 11, 2023

Header Injection in SAP Solution Manager (Diagnostic Agent)
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

NVD

Vulnerability Analysis

CVE-2023-36921 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
NONE
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
NONE
Availability Impact:
LOW

Weakness Type

Improper Neutralization of HTTP Headers for Scripting Syntax

The application does not neutralize or incorrectly neutralizes web scripting syntax in HTTP headers that can be used by web browser components that can process raw headers, such as Flash.


Products Associated with CVE-2023-36921

Want to know whenever a new CVE is published for SAP Solution Manager? stack.watch will email you.

SAP Solution Manager
 

Affected Versions

SAP_SE SAP Solution Manager (Diagnostic Agent) Version 7.20 is affected by CVE-2023-36921

Exploit Probability

EPSS
0.31%
Percentile
54.02%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.