Unrated severityNVD Advisory· Published Apr 11, 2023· Updated Feb 7, 2025

Information Disclosure vulnerability in SAP Landscape Management

CVE-2023-26458

Description

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

Affected products

SAP/Landscape Managementllm-fuzzy2 versions
= 3.0+ 1 more
- (no CPE)range: = 3.0
- (no CPE)range: 3.0

Patches

Vulnerability mechanics

References

launchpad.support.sap.commitre
www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.htmlmitre

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000