RCE in SAP Solution Manager

CVE-2023-49587

SAP Solution Manager version 720 allows an authorized attacker to execute certain deprecated function modules, which can read or modify data of the same or another component without user interaction over the network.

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.004 (32.5th percentile).

CVSS v3 metric

CVSS v3 base score 6.4 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N.

Frequently asked questions

What is CVE-2023-49587?
CVE-2023-49587 is a medium-severity vulnerability in SAP Solution Manager, classified under Command Injection. CVSS score: 6.4/10. Published 2023-12-12.
How severe is CVE-2023-49587?
Medium severity. CVSS v3 base score is 6.4 out of 10.