CVE-2019-0307

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to t...

CVE-2019-0307

Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to t...

CVE-2019-0307

CVE-2019-0307 affects SAP Solution Manager Diagnostics Agent (SMDAgent) in version 7.2. The issue arises from unencrypted storage of credentials (in SAP Secure Storage) such as SLD connection and Solman communications, which can be decoded by an admin and used to access the entire configuration. ...

CVE-2019-0293

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...

CVE-2019-0291

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted...

CVE-2019-0293

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...

Authorization

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...

CVE-2019-0291

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted...

Authentication flaw

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted...

CVE-2019-0293

CVE-2019-0293 concerns the SAP ST-PI component where a read of an RFC destination may skip necessary authorization checks, enabling a local escalation of privileges to view information on RFC destinations on managed systems and SAP Solution Manager. Affected are ST-PI versions prior to 2008_1_700...

CVE-2019-0293

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...

CVE-2019-0291

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted...

CVE-2019-0291

Technical details for CVE-2019-0291 are not publicly available in the provided documents. Monitor for updates; no specifics on affected products, impact, or fixes are provided.

SAP Solution Manager Incident Management Work Center Cross-Site Scripting Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVE-2018-2405

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting...

CVE-2018-2405

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting...

Cross site scripting

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting...

CVE-2018-2405

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting...

CVE-2018-2405

SAP Solution Manager, Incident Management Work Center, versions 7.10 and 7.20, is vulnerable to a cross-site scripting flaw caused by insufficient filtering when uploading an attachment. An attacker could upload a malicious script as an attachment and have it execute in a user’s browser. Root cau...

SAP Solution Manager Privilege Bypass Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...