Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.
References
Link | Resource |
---|---|
https://launchpad.support.sap.com/#/notes/2772266 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=521864242 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2019-06-12T14:21:39
Updated: 2019-06-12T16:11:08
Reserved: 2018-11-26T00:00:00
Link: CVE-2019-0307
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-06-12T15:29:00.377
Modified: 2020-08-24T17:37:01.140
Link: CVE-2019-0307
JSON object: View
Redhat Information
No data.
CWE