CVE-2023-27267

CRITICAL

SAP Diagnostics Agent 720 - Unauthenticated Remote Code Execution via OSCommand Bridge

Title source: llm

Description

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.

References (2)

Core 2

Core References

Permissions Required

https://launchpad.support.sap.com/#/notes/3305369

Vendor Advisory

https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html

Scores

CVSS v3 9.0

EPSS 0.0242

EPSS Percentile 85.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-306

Status published

Products (1)

sap/diagnostics_agent 720

Published Apr 11, 2023

Tracked Since Feb 18, 2026