33 matches found
CVE-2020-6207
CVE-2020-6207 affects SAP Solution Manager 7.2, specifically the End User Experience Monitoring (EEM) servlet. The vulnerability is due to missing authentication checks, allowing unauthenticated access that can compromise all connected SMDAgents and enables remote code execution or command execut...
CVE-2022-22544
SAP Solution Manager 720’s Diagnostics Root Cause Analysis Tool suffers from insufficient access control, enabling an administrator to execute code on all connected Diagnostics Agents and browse their files. This could allow an attacker with admin privileges to control managed systems, leading to...
CVE-2020-6198
CVE-2020-6198 affects SAP Solution Manager (Diagnostics Agent), Version 720. Root cause: Missing authentication allows unencrypted connections from unauthenticated sources, enabling an attacker to remotely control all agent functions. Documents cite high/critical impact (CVSS v3.1 base score 9.8)...
CVE-2022-41275
CVE-2022-41275 affects SAP Solution Manager (Enterprise Search) versions 740 and 750. An unauthenticated attacker can craft a link that, when a logged-in user clicks it, redirects the user to a malicious page capable of reading or modifying sensitive information or enabling a phishing attack. Imp...
CVE-2019-0307
CVE-2019-0307 affects SAP Solution Manager Diagnostics Agent (SMDAgent) in version 7.2. The issue arises from unencrypted storage of credentials (in SAP Secure Storage) such as SLD connection and Solman communications, which can be decoded by an admin and used to access the entire configuration. ...
CVE-2020-26836
SAP Solution Manager (Trace Analysis) 7.2 (ST 720) contains an Open Redirect vulnerability caused by misuse of a URL parameter. An attacker could craft a link that, when clicked by a user, redirects to a malicious site, potentially enabling credential theft or malware delivery. Affected component...
CVE-2023-27893
CVE-2023-27893 affects SAP Solution Manager and ABAP managed systems (ST-PI) with vulnerable interface exposure. A user with non-administrative role and standard remote-execution authorization can trigger an application function to perform actions outside their permissions, potentially reading or...
CVE-2023-23852
The CVE concerns SAP Solution Manager (System Monitoring) version 720 with a Cross‑Site Scripting (XSS) vulnerability caused by insufficient encoding of user‑controlled inputs. The issue is documented across multiple sources (NVD, Red Hat, PRION, CVE lists, and PT Security). Connected documents i...
CVE-2016-10005
CVE-2016-10005 affects SAP SolMan 7.1–7.31, via the webdynpro component path caf~eu~gp~example~timeoff~wd, enabling an anonymous, network-based attacker to disclose sensitive information defined in the system. The vulnerability is categorized as Information Disclosure and is linked to SAP Securit...
CVE-2020-6235
CVE-2020-6235 affects SAP Solution Manager (Diagnostics Agent) 7.2, where the Collector Simulator lacks authentication checks, causing Missing Authentication. Multiple sources (NVD, Red Hat, CNVD, CVE lists) describe this issue with network-facing exposure and potential high impact on confidentia...
CVE-2022-41261
CVE-2022-41261 concerns SAP Solution Manager (Diagnostic Agent) 7.20. An authenticated attacker on Windows can access a file containing sensitive data, which can be used to reach a configuration file with credentials to access other system files. Successful exploitation may grant access to files ...
CVE-2023-23855
SAP Solution Manager 720 is affected by an authenticated-user URL validation issue that enables redirection to a malicious site, potentially exposing or allowing modification of information and phishing, per CVE-2023-23855. Root cause: insufficient URL validation in the application. Public refere...
CVE-2023-36925
The CVE-2023-36925 issue affects SAP Solution Manager (Diagnostics agent) v7.20, where insufficient validation of incoming requests allows an unauthenticated attacker to blindly make HTTP requests. This SSRF-style flaw can lead to a limited impact on confidentiality and availability of the SAP So...
CVE-2023-0025
Summary: CVE-2023-0025 affects SAP Solution Manager (BSP Application) version 720. An authenticated attacker can craft a malicious link that, when a user clicks it, may read or modify sensitive information or craft a payload to restrict access. What is affected: SAP Solution Manager (BSP Applicat...
CVE-2019-0291
Technical details for CVE-2019-0291 are not publicly available in the provided documents. Monitor for updates; no specifics on affected products, impact, or fixes are provided.
CVE-2020-26822
SAP Solution Manager (JAVA stack) 7.20 is affected by CVE-2020-26822 due to missing authorization checks in the Outside Discovery Configuration Service, enabling an unauthenticated attacker to compromise the system with impact to integrity and availability. The consolidated sources (NVD entry and...
CVE-2020-26824
CVE-2020-26824 affects SAP Solution Manager (JAVA stack) version 7.20. The vulnerability is due to missing authorization checks in the Upgrade Legacy Ports Service, allowing an unauthenticated attacker to compromise the system and impacting both integrity and availability. Public disclosures in m...
CVE-2020-6260
SAP Solution Manager (Trace Analysis) 7.20 is affected by CVE-2020-6260 due to incomplete XML validation, enabling an attacker to inject data that the application may display, exposing data that does not exist. The issue is network-accessible with low attack complexity and requires no authenticat...
CVE-2023-0024
CVE-2023-0024 affects SAP Solution Manager (BSP Application) v720. An authenticated attacker can craft a malicious link which, when clicked by a user, may read or modify sensitive information or deliver a payload that restricts access, resulting in a Cross-Site Scripting (XSS) vulnerability. The ...
CVE-2023-36921
CVE-2023-36921 relates to SAP Solution Manager (Diagnostics agent) v7.20, where an attacker can tamper with headers in a client request, causing the SAP Diagnostics Agent to serve poisoned content to the server. The underlying impact is limited: confidentiality and availability are affected to a ...
CVE-2020-26837
SAP Solution Manager 7.2 (User Experience Monitoring) is affected by a path traversal vulnerability. An authenticated user can upload a malicious script, potentially exposing file-system data (confidentiality), partially modifying configurations (integrity) and partially impacting availability. Th...
CVE-2018-2405
SAP Solution Manager, Incident Management Work Center, versions 7.10 and 7.20, is vulnerable to a cross-site scripting flaw caused by insufficient filtering when uploading an attachment. An attacker could upload a malicious script as an attachment and have it execute in a user’s browser. Root cau...
CVE-2020-26830
CVE-2020-26830 applies to SAP Solution Manager 7.2 (User Experience Monitoring). The common thread across connected sources is a missing authorization check for authenticated users, enabling a regular user to perform operations restricted to administrators (change UX monitoring config, view agent...
CVE-2014-5175
CVE-2014-5175 affects SAP Solution Manager 7.1, specifically the License Measurement servlet, where remote attackers may bypass authentication via unspecified vectors related to a verb tampering attack and SAP_JTECHS. The available sources identify the affected product and the attack class but do...
CVE-2020-6369
CVE-2020-6369 affects SAP Solution Manager and SAP Focused Run. The issue allows an unauthenticated attacker to bypass login if the default passwords for Admin and Guest are not changed, impacting confidentiality. Affected versions are SAP Solution Manager and SAP Focused Run with updates in WILY...
CVE-2020-26821
CVE-2020-26821 affects SAP Solution Manager (JAVA stack) 7.20. An unauthenticated attacker can compromise the system due to missing authorization checks in the SVG Converter Service, impacting integrity and availability. Documented CVSSv3.1 base score is 10.0 (network, no privileges, no user inte...
CVE-2018-2361
In SAP Solution Manager 7.20, the SAP_BPO_CONFIG role grants the Business Process Operations (BPO) configuration user more authorization than required for configuring BPO tools, creating a privilege-bypass condition. Multiple sources corroborate a privilege-elevation risk leading potentially to u...
CVE-2020-6261
SAP Solution Manager (Trace Analysis) 7.20 is affected. The issue allows log injection into the trace file due to incomplete XML validation, impairing readability of trace files. No explicit remediation or patch version is provided in the connected documents. References point to SAP notes/wiki en...
CVE-2020-26823
CVE-2020-26823 affects SAP Solution Manager (JAVA stack) version 7.20, with missing authorization checks in the Upgrade Diagnostics Agent Connection Service. The issue allows an unauthenticated attacker to compromise integrity and availability of the service (CVSSv3 base score 10.0, CRITICAL; vec...
CVE-2020-6271
CVE-2020-6271 affects SAP Solution Manager (Problem Context Manager) version 7.2. The issue arises from insufficient authentication, enabling an attacker to cause memory exhaustion, potentially crash the system and read restricted data (files visible to diagnostics agent admins). Documents consis...
CVE-2021-21483
CVE-2021-21483 concerns SAP Solution Manager 720. The connected documents identify an information disclosure vulnerability whereby a high-privilege attacker can access sensitive information, affecting confidentiality beyond the vulnerable component. The CVSS data indicates network access with low...
CVE-2023-49587
CVE-2023-49587 affects SAP Solution Manager 720. The vulnerability allows an authorized attacker to execute certain deprecated function modules, enabling reading or modification of data across the same or other components over the network, with no user interaction. Root cause cited in multiple so...
CVE-2013-7363
CVE-2013-7363 concerns an unspecified vulnerability in the Diagnostics (SMD) agent of SAP Solution Manager. The connected sources describe that remote attackers can leverage vectors involving the P4 protocol to: (1) obtain sensitive information, (2) modify the configuration of applications, and ...