Header Injection in SAP Solution Manager (Diagnostic Agent)

SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to serve poisoned content to the server. On successful exploitation, the attacker can cause a limited impact on confidentiality and availability of the application.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:L

对HTTP头部进行脚本语法转义处理不恰当

SAP Solution Manager 安全漏洞

SAP Solution Manager是德国思爱普（SAP）公司的一套集系统监控、SAP支持桌面、自助服务、ASAP实施等多个功能为一体的系统管理平台。该平台可以帮助客户建立SAP解决方案的生命周期管理，并提供系统监控、远程支持服务和SAP产品组件升级等功能。 SAP Solution Manager 存在安全漏洞，该漏洞源于可以篡改客户端请求中的标头。

N/A

N/A