SAP Patches Critical Vulnerability in Diagnostic Agent


SAP has released a patch for a critical vulnerability in its SolMan Diagnostic Agent (SMDAgent), which manages the communication of monitoring and diagnostics events between every SAP system and Solution Manager.

The SAP vulnerability, which has a CVSS score of 9.1, was disclosed by security researcher Yvan Genuer of Boston-based cybersecurity firm Onapsis. He said that an attacker could bypass the system’s whitelisting processes using a custom-crafted payload that would offer “full control” over a given SAP system.

Onapsis explained: “Using its basic functionality, a SolMan admin can execute OS commands through a GAP_ADMIN transaction, in order to perform analysis
