SAP Solution Manager 7.2 - Remote Command Execution

SAP Solution Manager SolMan running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet tcsmdagentapplicationeem. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information...

EUVD-2016-1203

Malware in sbrugna...

Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw

Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager SolMan version 7.2 S...

Default credentials

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to t...

SAP Solman 7.31 Information Disclosure

Application: SAP Solman Versions Affected: SAP Solman 7.1-7.31 Vendor URL: http://SAP.com Bugs: Information Disclosure Sent: 12.07.2016 Reported: 13.07.2016 Vendor response: 13.07.2016 Date of Public Advisory: 13.09.2016 Reference: SAP Security Note 2344524 Author: Roman Bezhan ERPScan Descriptio...

SAP Solman 7.31 Information Disclosure Vulnerability

SAP Solman versions 7.1 through 7.31 suffer from an information disclosure vulnerability. Application: SAP Solman Versions Affected: SAP Solman 7.1-7.31 Vendor URL: http://SAP.com Bugs: Information Disclosure Sent: 12.07.2016 Reported: 13.07.2016 Vendor response: 13.07.2016 Date of Public Advisor...

Code injection

Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/cafeugpexampletimeoffwd requests, aka SAP Security Note 2344524...

CVE-2016-10005

Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/cafeugpexampletimeoffwd requests, aka SAP Security Note 2344524...

CVE-2016-10005

Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/cafeugpexampletimeoffwd requests, aka SAP Security Note 2344524...

CVE-2016-10005

CVE-2016-10005 affects SAP SolMan 7.1–7.31, via the webdynpro component path caf~eu~gp~example~timeoff~wd, enabling an anonymous, network-based attacker to disclose sensitive information defined in the system. The vulnerability is categorized as Information Disclosure and is linked to SAP Securit...

SAP Solman - user accounts disclosure CVE-2016-10005

Application: SAP Solman Versions Affected: SAP Solman 7.1-7.31 Vendor URL: SAP Bugs: Information Disclosure Reported: 12.07.2016 Vendor response: 13.07.2016 Date of Public Advisory: 13.09.2016 Reference: SAP Security Note 2344524 Author: Roman Bezhan ERPScan VULNERABILITY INFORMATION CVE-2016-100...