SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
5.4CVSS
5.4AI Score
0.001EPSS
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
5.5CVSS
5.3AI Score
0.001EPSS
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.
5.3CVSS
5.2AI Score
0.001EPSS
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.
5.3CVSS
5.5AI Score
0.001EPSS
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of ...
5.9CVSS
6AI Score
0.002EPSS