CVE-2023-27267 | Multiple vulnerabilities in SAP Diagnostics Agent (OSCommand Bridge)
Due to missing authentication and insufficient input validation, the OSCommand Bridge of SAP Diagnostics Agent - version 720, allows an attacker with deep knowledge of the system to execute scripts on all connected Diagnostics Agents. On successful exploitation, the attacker can completely compromise confidentiality, integrity and availability of the system.
Conclusion & alert: CVE-2023-27267 is rated High Risk (74.6/100): CVSS Critical severity, with high exploitation likelihood (EPSS 14.20%, 96th percentile).Core evidence: EPSS ranks this CVE among the most likely to be exploited in the near term. EPSS rose +11.78% over the last day, indicating growing attacker interest.Mandatory action: High exploitation likelihood—assess exposure and prioritize remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2023-27267
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).