Lucene search
K

367 matches found

CNNVD
CNNVD
added 2023/07/11 12:0 a.m.4 views

SAP Solution Manager 安全漏洞

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

7.2CVSS7.1AI score0.00548EPSS
Exploits0References3
NCSC
NCSC
added 2023/07/11 12:0 a.m.66 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including. Business Objects, ECC, HANA, Netweaver, Business Warehouse and Solution Manager. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to the following categories of damage: Cross-Site Scripting XSS...

9.4CVSS7AI score0.00807EPSS
Exploits0
OSV
OSV
added 2023/04/11 3:15 a.m.5 views

CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

8.7CVSS6.7AI score0.00555EPSS
Exploits0References2
NVD
NVD
added 2023/04/11 3:15 a.m.30 views

CVE-2023-26458

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

8.7CVSS6.9AI score0.00555EPSS
Exploits0References2
Prion
Prion
added 2023/04/11 3:15 a.m.26 views

Information disclosure

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

4.7CVSS8AI score0.00555EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/04/11 2:34 a.m.39 views

CVE-2023-26458 Information Disclosure vulnerability in SAP Landscape Management

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The...

6.8CVSS8.3AI score0.00555EPSS
Exploits0References2
CVE
CVE
added 2023/04/11 2:34 a.m.45 views

CVE-2023-26458

The CVE affects SAP Landscape Management (enterprise edition) 3.0. An authenticated SAP Landscape Management user can access the Diagnostics Agent connection via Java SCS Message Server on a Solution Manager system and escalate to obtain privileged access on other systems, leading to information ...

8.7CVSS7.3AI score0.00555EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2023/03/14 6:15 a.m.4 views

CVE-2023-27893

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

8.8CVSS7.5AI score0.01184EPSS
Exploits0References2
Prion
Prion
added 2023/03/14 6:15 a.m.13 views

Authorization

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

6.5CVSS8.6AI score0.01184EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2023/03/14 5:7 a.m.20 views

CVE-2023-27893 Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

8.8CVSS8.9AI score0.01184EPSS
Exploits0References2
CVE
CVE
added 2023/03/14 5:7 a.m.65 views

CVE-2023-27893

CVE-2023-27893 affects SAP Solution Manager and ABAP managed systems (ST-PI) with vulnerable interface exposure. A user with non-administrative role and standard remote-execution authorization can trigger an application function to perform actions outside their permissions, potentially reading or...

8.8CVSS8.7AI score0.01184EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2023/03/14 5:7 a.m.5 views

CVE-2023-27893 Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)

An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems ST-PI - versions 20881700, 20081710, 740, can use a vulnerable interface to execute an application function to perform actions which they...

8.8CVSS8.7AI score0.01184EPSS
Exploits0References2
CNNVD
CNNVD
added 2023/03/14 12:0 a.m.4 views

SAP Solution Manager 代码注入漏洞

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

8.8CVSS8.3AI score0.01184EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/03/14 12:0 a.m.4 views

PT-2023-21400 · Sap · Abap +1

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager and ABAP managed systems ST-PI versions 2088 1 700, 2008 1 710, 740 Description: An attacker authenticated as a user with a non-administrative role and a common remote execution authorization can use a vulnerable interfac...

8.8CVSS8.6AI score0.01184EPSS
Exploits0References5
NCSC
NCSC
added 2023/03/14 12:0 a.m.53 views

Vulnerabilities fixed in SAP products

SAP has released updates for several products, including SAP ERP, Netweaver, HAMA, Business Objects and SAP Solution Manager. A malicious party could potentially exploit the vulnerabilities and cause damage cause damage in the categories listed below: Cross-Site Scripting XSS Denial-of-Service Do...

9.9CVSS6.8AI score0.01184EPSS
Exploits0
CNVD
CNVD
added 2023/02/17 12:0 a.m.7 views

SAP Solution Manager Input Validation Error Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as a system management platform. An input validation error vulnerability exists in SAP Solution Manager version 720, which stems from insufficie...

6.5CVSS6.1AI score0.00302EPSS
Exploits0References1
CNVD
CNVD
added 2023/02/17 12:0 a.m.21 views

SAP Solution Manager Cross-Site Scripting Vulnerability (CNVD-2023-40171)

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

6.5CVSS5.8AI score0.00385EPSS
Exploits0References1
OSV
OSV
added 2023/02/14 4:15 a.m.2 views

CVE-2023-23855

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to...

5.4CVSS5.9AI score
Exploits0References2
NVD
NVD
added 2023/02/14 4:15 a.m.28 views

CVE-2023-23855

SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful attack could lead an attacker to read or modify the information or expose the user to a phishing attack. As a result, it has a low impact to...

6.5CVSS6.2AI score0.00302EPSS
Exploits0References2
OSV
OSV
added 2023/02/14 4:15 a.m.2 views

CVE-2023-23852

SAP Solution Manager System Monitoring - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting XSS vulnerability...

6.1CVSS6.4AI score0.00418EPSS
Exploits0References2
Rows per page
Query Builder