367 matches found
CVE-2022-22544
Solution Manager Diagnostics Root Cause Analysis Tools - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. An attacker could thereby control the managed systems. It is considered that this is a missing segregation of duty f...
CVE-2021-21483
Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application...
CVE-2020-6260
SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist...
CVE-2020-6261
SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired...
CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system ST-PI, before versions 20081700, 20081710, and 740...
CVE-2019-0291
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted...
Vulnerabilities fixed in SAP products
SAP has fixed vulnerabilities in several products, including SAP Financial Consolidation, SAP Landscape Transformation, SAP NetWeaver Application Server ABAP, SAP Commerce Cloud, SAP ERP BW, SAP BusinessObjects Business Intelligence Platform, SAP KMC WPC, SAP Solution Manager, SAP S4CORE, and SAP...
The vulnerability of the SAP Solution Manager platform, related to deficiencies in the authentication process, allows a perpetrator to compromise the confidentiality of protected information.
The vulnerability of the SAP Solution Manager platform is related to deficiencies in the authentication process. Exploiting this vulnerability could allow attackers to compromise the confidentiality of the protected information...
SAP Solution Manager File Upload Vulnerability
SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as a system management platform. A file upload vulnerability exists in SAP Solution Manager that stems from the application's lack of effective...
SAP Solution Manager Directory Traversal Vulnerability
SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as a system management platform. A directory traversal vulnerability exists in SAP Solution Manager, which stems from a lack of validity checkin...
CVE-2025-30017
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-27428
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...
CVE-2025-30017
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-27428
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...
CVE-2025-30017
CVE-2025-30017 affects SAP Solution Manager 7.1. The issue is a missing authorization check that could let an authenticated attacker upload a file as a template for solution documentation, with limited impact on the application’s integrity and availability. Remediation is via SAP security patches...
CVE-2025-30017 Missing Authorization check in SAP Solution Manager
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-30017 Missing Authorization check in SAP Solution Manager
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application...
CVE-2025-27428 Directory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)
Due to directory traversal vulnerability, an authorized attacker could gain access to some critical information by using RFC enabled function module. Upon successful exploitation, they could read files from any managed system connected to SAP Solution Manager, leading to high impact on...
PT-2025-15375 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager version 7.1 Description: The issue is caused by a missing authorization check, allowing an authenticated attacker to upload a file as a template for solution documentation. This can lead to limited impact on the integrity...
PT-2025-15367 · Sap · Sap Solution Manager
Name of the Vulnerable Software and Affected Versions: SAP Solution Manager affected versions not specified Description: The issue is related to a directory traversal vulnerability. An authorized attacker could access critical information by using an RFC enabled function module. If successfully...