CVE-2022-22547

Published: Mar 10, 2022Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Simple Diagnostics Agent - versions 1.0 (up to version 1.57.), allows an attacker to access information which would otherwise be restricted via a random port 9000-65535. This allows information gathering which could be used exploit future open-source security exploits.

Affected (1)

Products: Sap: Simple Diagnostics Agent

1 product

Simple Diagnostics Agent

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sap Simple Diagnostics Agent	From 1.0 to 1.58

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (8)

http://packetstormsecurity.com/files/167562/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Information-Disclosure.html

Source: cna@sap.com

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2022/Jun/40

Source: cna@sap.com

ExploitMailing ListThird Party Advisory

https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10

Source: cna@sap.com

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3147102

Source: cna@sap.com

Permissions RequiredVendor Advisory

http://packetstormsecurity.com/files/167562/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Information-Disclosure.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party AdvisoryVDB Entry

http://seclists.org/fulldisclosure/2022/Jun/40

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitMailing ListThird Party Advisory

https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://launchpad.support.sap.com/#/notes/3147102

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

Timeline

No history available yet.