Vulnerability CVE-2019-0307


Published: 2019-06-12

Description:
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.

Type:

CWE-255

(Credentials Management)

CVSS2 => (AV:A/AC:L/Au:S/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
2.7/10
2.9/10
5.1/10
Exploit range
Attack complexity
Authentication
Adjacent network
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None
Affected software
SAP -> Solution manager 

 References:
https://launchpad.support.sap.com/#/notes/2772266
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242

Copyright 2020, cxsecurity.com

 

Back to Top