How severe is CVE-2023-26458?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.7 out of 10.

What type of vulnerability is CVE-2023-26458?

This is classified as CWE-668, which is a common weakness in software security.

CVE-2023-26458 - HIGH Severity | CVSS 8.7

Vulnerability Description

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

Related Vulnerabilities

CVE-2018-8861

HIGH

CVSS:8.7(High)

Vulnerabilities within the Philips Brilliance CT kiosk environment (Brilliance 64 version 2.6.2 and prior, Brilliance iCT versions 4.1.6 and prior, Brillance iCT SP versions 3.2.4 and prior, and Brill...

CWE-6682018

CVE-2020-11303

HIGH

CVSS:8.6(High)

Accepting AMSDU frames with mismatched destination and source address can lead to information disclosure in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer Electronics Connectivity, Snap...

CWE-6682020

CVE-2021-39184

HIGH

CVSS:8.6(High)

Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. A vulnerability in versions prior to 11.5.0, 12.1.0, and 13.3.0 allows a sandboxed renderer to r...

CWE-6682021

CVE-2016-10840

HIGH

CVSS:8.8(High)

cPanel before 11.54.0.4 allows arbitrary code execution during locale duplication (SEC-72).

CWE-6682016

CVE-2017-0367

HIGH

CVSS:8.8(High)

Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.

CWE-6682017

CVE-2017-15393

HIGH

CVSS:8.8(High)

Insufficient Policy Enforcement in Devtools remote debugging in Google Chrome prior to 62.0.3202.62 allowed a remote attacker to obtain access to remote debugging functionality via a crafted HTML page...

CWE-6682017