Lucene search

Solution Manager Security Vulnerabilities - CVSS Score 5 - 6

cve

CVE-2018-2405

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.

5.4CVSS

5.4AI Score

0.001EPSS

2018-04-10 03:29 PM

cve

CVE-2019-0291

Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.

5.5CVSS

5.3AI Score

0.001EPSS

2019-05-14 09:29 PM

cve

CVE-2020-6260

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist.

5.3CVSS

5.2AI Score

0.001EPSS

2020-06-10 01:15 PM

cve

CVE-2020-6261

SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired.

5.3CVSS

5.5AI Score

0.001EPSS

2020-07-01 01:15 PM

cve

CVE-2020-6369

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of ...

5.9CVSS

6AI Score

0.002EPSS

2020-10-20 02:15 PM