CVE-2023-36921

HIGH

SAP Solution Manager (Diagnostics agent) -7.20 - SSRF

Title source: llm
STIX 2.1

Description

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

References (2)

Scores

CVSS v3 7.2
EPSS 0.0039
EPSS Percentile 59.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-644 CWE-116
Status published
Products (1)
sap/solution_manager 7.20
Published Jul 11, 2023
Tracked Since Feb 18, 2026