CVE-2019-0307
First published: Wed Jun 12 2019(Updated: )
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Solution Manager | =7.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-0307?
CVE-2019-0307 is a vulnerability in the Diagnostics Agent in Solution Manager version 7.2.
What is the severity of CVE-2019-0307?
CVE-2019-0307 has a severity rating of low (2.4).
How does CVE-2019-0307 impact SAP Solution Manager version 7.2?
CVE-2019-0307 allows an attacker with admin privileges to gain unauthorized access to credentials stored by the Diagnostics Agent in Solution Manager version 7.2.
Is the SAP Secure Storage file encrypted by default in Solution Manager version 7.2?
No, the SAP Secure Storage file in Solution Manager version 7.2 is not encrypted by default.
How can I mitigate the CVE-2019-0307 vulnerability in Solution Manager version 7.2?
To mitigate CVE-2019-0307, you can encrypt the SAP Secure Storage file in Solution Manager version 7.2.
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/severity
- agent/author
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap solution manager
- version/sap solution manager/7.2