Lucene search
K

367 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 10:26 p.m.6 views

CVE-2022-22544

Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...

9.1CVSS7.5AI score0.01326EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:32 p.m.4 views

CVE-2021-21483

Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application...

8.2CVSS6.2AI score0.00694EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:30 p.m.3 views

CVE-2020-6260

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist...

6.5CVSS6.8AI score0.00775EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 3:40 p.m.6 views

CVE-2020-6261

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired...

5.3CVSS7.2AI score0.00775EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:4 a.m.5 views

CVE-2019-0293

Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...

6.5CVSS7AI score0.01459EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 10:3 a.m.9 views

CVE-2019-0291

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted...

5.5CVSS6.6AI score0.00387EPSS
Exploits0References1
NCSC
NCSC
added 2025/04/30 1:12 p.m.10 views

Vulnerabilities fixed in SAP products

SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...

10CVSS9.2AI score0.99359EPSS
Exploits31References4
BDU FSTEC
BDU FSTEC
added 2025/04/23 12:0 a.m.6 views

The vulnerability of the SAP Solution Manager platform, related to deficiencies in the authentication process, allows a perpetrator to compromise the confidentiality of protected information.

The vulnerability of the SAP Solution Manager platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to compromise the confidentiality of the protected information...

4.4CVSS5.5AI score0.0013EPSS
Exploits0References3
CNVD
CNVD
added 2025/04/18 12:0 a.m.4 views

SAP Solution Manager File Upload Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as a system management platform. A file upload vulnerability exists in SAP Solution Manager that stems from the application's lack of effective...

4.4CVSS6.8AI score0.0013EPSS
Exploits0References1
CNVD
CNVD
added 2025/04/18 12:0 a.m.4 views

SAP Solution Manager Directory Traversal Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as a system management platform. A directory traversal vulnerability exists in SAP Solution Manager, which stems from a lack of validity checkin...

7.7CVSS6.4AI score0.0061EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 8:27 a.m.19 views

CVE-2025-30017

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...

4.4CVSS6.8AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/04/10 8:14 a.m.5 views

CVE-2025-27428

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...

7.7CVSS6.8AI score0.0061EPSS
Exploits0References1
NVD
NVD
added 2025/04/08 8:15 a.m.6 views

CVE-2025-30017

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...

4.4CVSS0.0013EPSS
Exploits0References2
NVD
NVD
added 2025/04/08 8:15 a.m.8 views

CVE-2025-27428

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...

7.7CVSS0.0061EPSS
Exploits0References2
CVE
CVE
added 2025/04/08 7:15 a.m.58 views

CVE-2025-30017

CVE-2025-30017 affects SAP Solution Manager 7.1. The issue is a missing authorization check that could let an authenticated attacker upload a file as a template for solution documentation, with limited impact on the application’s integrity and availability. Remediation is via SAP security patches...

4.4CVSS7AI score0.0013EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/08 7:15 a.m.4 views

CVE-2025-30017 Missing Authorization check in SAP Solution Manager

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...

4.4CVSS7AI score0.0013EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/08 7:15 a.m.15 views

CVE-2025-30017 Missing Authorization check in SAP Solution Manager

Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...

4.4CVSS0.0013EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/08 7:13 a.m.16 views

CVE-2025-27428 Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)

Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...

7.7CVSS0.0061EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.10 views

PT-2025-15375 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 7.1 Description: The issue is caused by a missing authorization check, allowing an authenticated attacker to upload a file as a template for solution documentation. This can lead to limited impact on the integrity...

4.4CVSS6.4AI score0.0013EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2025/04/08 12:0 a.m.4 views

PT-2025-15367 · Sap · Sap Solution Manager

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager affected versions not specified Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...

7.7CVSS6AI score0.0061EPSS
Exploits0References9
Rows per page
Query Builder