CVE-2019-0330

EUVD-2019-1103
The OS Command Plugin in the transaction GPA_ADMIN and the OSCommand Console of SAP Diagnostic Agent (LM-Service), version 7.2, allow an attacker to inject code that can be executed by the application. An attacker could thereby control the behavior of the application.
Code Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
sapdiagnostics_agent
7.20
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/109068
https://launchpad.support.sap.com/#/notes/2808158
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575
http://www.securityfocus.com/bid/109068
https://launchpad.support.sap.com/#/notes/2808158
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=523994575