CVE-2019-0307

low-risk
Published 2019-06-12

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials, such as the SLD user connection and the Solman user communication, in the SAP Secure Storage file, which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system-sensitive information can be gained.

Do I need to act?

6.1% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 2.4/10 Low
ADJACENT_NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

SAP
24 / 100
low-risk
Severity 10/34 · Low
Exploitability 9/34 · Low
Exposure 5/34 · Minimal