CVE-2022-24396
Published Mar 10, 2022
Last updated a year ago
Overview
- Description
- The Simple Diagnostics Agent, versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on HTTP port 3005. Due to the lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.
- Source
- cna@sap.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 7.2
- Impact score
- 10
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses
- cna@sap.com
- CWE-306
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sap:simple_diagnostics_agent:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1D15E1C0-4565-4829-B67C-BBDA7D2C8BFD",
            "versionEndIncluding": "1.57",
            "versionStartIncluding": "1.0"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]