CVE-2019-0330
CRITICALSAP Diagnostic Agent 7.2 - OS Command Injection via OS Command Plugin
Title source: llmDescription
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/109068
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2808158
Vendor Advisory x_refsource_confirm
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
Scores
CVSS v3
9.1
EPSS
0.0076
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Details
CWE
CWE-94
Status
published
Products (1)
sap/diagnostics_agent
7.20
Published
Jul 10, 2019
Tracked Since
Feb 18, 2026