CVE-2022-41261
First published: Mon Dec 12 2022(Updated: )
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Solution Manager | =7.20 | |
| Microsoft Windows |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-41261.
What is the severity of CVE-2022-41261?
The severity of CVE-2022-41261 is medium with a severity value of 5.5.
What software is affected by CVE-2022-41261?
SAP Solution Manager version 7.20 is affected by CVE-2022-41261.
How can an attacker exploit CVE-2022-41261?
An authenticated attacker on a Windows system can exploit CVE-2022-41261 to access a file containing sensitive data, which can be used to access a configuration file with credentials to access other system files.
Are there any references for CVE-2022-41261?
Yes, you can refer to the following links: [SAP Note 3265173](https://launchpad.support.sap.com/#/notes/3265173) and [SAP Security Note](https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html).
- collector/nvd-index
- agent/references
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/event
- agent/description
- agent/first-publish-date
- vendor/sap
- canonical/sap solution manager
- version/sap solution manager/7.20
- vendor/microsoft
- canonical/microsoft windows