CVE-2023-26458

MEDIUM

SAP Landscape Management <3.0 - Info Disclosure

Title source: llm

Description

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

References (2)

[Permissions Required] https://launchpad.support.sap.com/#/notes/3312733

[Vendor Advisory] https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 6.8

EPSS 0.0021

EPSS Percentile 43.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

Classification

CWE

CWE-668

Status published

Affected Products (1)

sap/landscape_management

Timeline

Published Apr 11, 2023

Tracked Since Feb 18, 2026