/support/notes/service/sap_logo.png){kind=logo}
SAP Knowledge Base Article - PreviewSymptom
Due to missing authentication and code injection prevention, the OSCommand Bridge allows an attacker to execute code on all connected Diagnostics Agents.
On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.
Read more...
Environment
SAP Solution Manager 7.2 SP03 and higher
Product
SAP Solution Manager 7.2
Keywords
Missing Authentication, code injection, LM-SERVICE, SAP Solution Manager 7.2, This feature has been discontinued, See SAP Note 3305342, ABAP Read SysLog, Number of specific ABAP System Log Messages, test data collector, Data Provider Status, Unexpected exception, CVE-2023-27267 , CVE-2023-27497
, KBA , SV-SMG-DIA-SRV-AGT , Agent Framework , Known Error
About this page
This is a preview of a SAP Knowledge Base Article. Click more to access the full version on SAP for Me (Login required).Search for additional results
Visit SAP Support Portal's SAP Notes and KBA Search.
/support/notes/service/facebook.svg)
/support/notes/service/twitter.svg)
/support/notes/service/youtube.svg)
/support/notes/service/linkedin.svg)
/support/notes/service/instagram2.svg)