Unrated severityNVD Advisory· Published Mar 8, 2022· Updated Aug 3, 2024
CVE-2022-24396
CVE-2022-24396
Description
The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and configurations.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- Range: >=1.0, <=1.57
- SAP SE/SAP Focused Run (Simple Diagnostics Agent)v5Range: < >= 1.0
Patches
Vulnerability mechanics
References
4- packetstormsecurity.com/files/167560/SAP-FRUN-Simple-Diagnostics-Agent-1.0-Missing-Authentication.htmlmitrex_refsource_MISC
- seclists.org/fulldisclosure/2022/Jun/38mitremailing-listx_refsource_FULLDISC
- dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htmmitrex_refsource_MISC
- launchpad.support.sap.commitrex_refsource_MISC
News mentions
0No linked articles in our index yet.