CVE-2023-26458— Information Disclosure vulnerability in SAP Landscape Management
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2023-26458
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Information Disclosure vulnerability in SAP Landscape Management
Source: NVD (National Vulnerability Database)
Vulnerability Description
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
将资源暴露给错误范围
Source: NVD (National Vulnerability Database)
Vulnerability Title
SAP Landscape Management 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
SAP Landscape Management是德国思爱普(SAP)公司的一套SAP产品集中管理系统。该系统主要用于集中管理和配置在物理、虚拟和云基础架构中运行的SAP软件系统。 SAP Landscape Management 3.0版本存在安全漏洞。攻击者利用该漏洞可以提升权限。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| SAP | Landscape Management | 3.0 | - |
II. Public POCs for CVE-2023-26458
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2023-26458
请登录查看更多情报信息。
Same Patch Batch · SAP · 2023-04-11 · 18 CVEs total
| CVE-2023-27497 | 10.0 CRITICAL | Multiple vulnerabilities in SAP Diagnostics Agent (EventLogServiceCollector) |
| CVE-2023-28765 | 9.8 CRITICAL | Information Disclosure vulnerability in SAP BusinessObjects Business Intelligence Platform |
| CVE-2023-27267 | 9.0 CRITICAL | Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge) |
| CVE-2023-29186 | 8.7 HIGH | Directory/Path Traversal vulnerability in SAP NetWeaver. |
| CVE-2023-29187 | 6.7 MEDIUM | DLL Hijacking vulnerability in SapSetup (Software Installation Program) |
| CVE-2023-28761 | 6.5 MEDIUM | Missing Authentication check in SAP NetWeaver Enterprise Portal |
| CVE-2023-28763 | 6.5 MEDIUM | Denial of Service in SAP NetWeaver AS for ABAP and ABAP Platform |
| CVE-2023-27897 | 6.0 MEDIUM | Code Injection vulnerability in SAP CRM |
| CVE-2023-29189 | 5.4 MEDIUM | HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) |
| CVE-2023-29185 | 5.3 MEDIUM | Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Business Server Pages) |
| CVE-2023-24527 | 5.3 MEDIUM | Improper Access Control in SAP NetWeaver AS Java for Deploy Service |
| CVE-2023-29108 | 5.0 MEDIUM | IP filter vulnerability in ABAP Platform and SAP Web Dispatcher |
| CVE-2023-29109 | 4.4 MEDIUM | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| CVE-2023-1903 | 4.3 MEDIUM | Missing Authorization check in SAP HCM Fiori App My Forms (Fiori 2.0) |
| CVE-2023-29110 | 3.7 LOW | Code Injection vulnerability in SAP Application Interface Framework (Message Dashboard) |
| CVE-2023-29112 | 3.7 LOW | Code Injection vulnerability in SAP Application Interface Framework (Message Monitoring) |
| CVE-2023-29111 | 3.1 LOW | Information Disclosure vulnerability in SAP Application Interface Framework (ODATA service |
IV. Related Vulnerabilities
Same vendor: SAP
- CVE-2023-29189
HTTP Verb Tampering vulnerability in SAP CRM (WebClient UI) - CVE-2023-29187
DLL Hijacking vulnerability in SapSetup (Software Installati - CVE-2023-29186
Directory/Path Traversal vulnerability in SAP NetWeaver. - CVE-2023-29185
Denial of Service (DOS) in SAP NetWeaver AS for ABAP (Busine - CVE-2023-29112
Code Injection vulnerability in SAP Application Interface Fr
Same weakness: CWE-668
- CVE-2026-41369
OpenClaw < 2026.3.31 - Insufficient Environment Variable San - CVE-2026-41368
OpenClaw < 2026.3.28 - Environment Variable Disclosure via j - CVE-2026-41362
OpenClaw 2026.2.19 < 2026.3.31 - Webhook Replay Dedupe Cache - CVE-2026-6830
Nesquena Hermes WebUI Environment Variable Credential Leakag - CVE-2026-32690
Apache Airflow: 3.x - Nested Variable Secret Values Bypass R
V. Comments for CVE-2023-26458
No comments yet