cvedb.io
CVE-2023-27267
CRITICAL · CVSS 9
EPSS exploitation probability: 0%
Published 2023-04-11T03:15:07.427 · Last modified 2026-06-17T05:44:41.757

Summary

Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent, version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise the confidentiality, integrity and availability of the system.

Affected products

sap — diagnostics_agent


This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.