RCE in Sap Solution_manager
CVE-2023-49587
SAP Solution Manager version 720 allows an authorized attacker to execute certain deprecated function modules, which can read or modify data of the same or another component, over the network and without user interaction.
Vulnerability class: Command Injection (OS Command Injection)
EPSS: 0.004 (32.5th percentile).
CVSS v3 metric
CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.
Affected products
- Sap Solution_manager — versions 720
- Sap_se Sap Solution Manager — versions 720
Weakness classification (CWE)
References
- cna@sap.com (Permissions Required)
- cna@sap.com (Vendor Advisory)
Frequently asked questions
- What is CVE-2023-49587?
  CVE-2023-49587 is a medium-severity vulnerability in Sap Solution_manager, classified under Command Injection. CVSS score: 6.4/10. Published 2023-12-12.
- How severe is CVE-2023-49587?
  Medium severity. CVSS v3 base score is 6.4 out of 10.