Lucene search: Sap Solution Manager

33 matches found

CVE
added 2020/03/10 8:20 p.m. | 1280 views

CVE-2020-6207

CVE-2020-6207 affects SAP Solution Manager 7.2, specifically the End User Experience Monitoring (EEM) servlet. The vulnerability is due to missing authentication checks, allowing unauthenticated access that can compromise all connected SMDAgents and enables remote code execution or command execut...

CVSS 10 | AI score 9.5 | EPSS 0.98376
In wild | Web

CVE
added 2022/02/09 10:5 p.m. | 94 views

CVE-2022-22544

SAP Solution Manager 720’s Diagnostics Root Cause Analysis Tool suffers from insufficient access control, enabling an administrator to execute code on all connected Diagnostics Agents and browse their files. This could allow an attacker with admin privileges to control managed systems, leading to...

CVSS 9.1 | AI score 9.3 | EPSS 0.01326

CVE
added 2020/03/10 8:18 p.m. | 86 views

CVE-2020-6198

CVE-2020-6198 affects SAP Solution Manager (Diagnostics Agent), Version 720. Root cause: Missing authentication allows unencrypted connections from unauthenticated sources, enabling an attacker to remotely control all agent functions. Documents cite high/critical impact (CVSS v3.1 base score 9.8)...

CVSS 9.8 | AI score 9.4 | EPSS 0.01383

CVE
added 2022/12/13 3:14 a.m. | 69 views

CVE-2022-41275

CVE-2022-41275 affects SAP Solution Manager (Enterprise Search) versions 740 and 750. An unauthenticated attacker can craft a link that, when a logged-in user clicks it, redirects the user to a malicious page capable of reading or modifying sensitive information or enabling a phishing attack. Imp...

CVSS 6.1 | AI score 6.2 | EPSS 0.00453

CVE
added 2019/06/12 2:21 p.m. | 66 views

CVE-2019-0307

CVE-2019-0307 affects SAP Solution Manager Diagnostics Agent (SMDAgent) in version 7.2. The issue arises from unencrypted storage of credentials (in SAP Secure Storage) such as SLD connection and Solman communications, which can be decoded by an admin and used to access the entire configuration. ...

CVSS 2.7 | AI score 3.9 | EPSS 0.02089

CVE
added 2020/12/09 4:31 p.m. | 66 views

CVE-2020-26836

SAP Solution Manager (Trace Analysis) 7.2 (ST 720) contains an Open Redirect vulnerability caused by misuse of a URL parameter. An attacker could craft a link that, when clicked by a user, redirects to a malicious site, potentially enabling credential theft or malware delivery. Affected component...

CVSS 6.1 | AI score 6.2 | EPSS 0.02338
In wild

CVE
added 2023/03/14 5:7 a.m. | 63 views

CVE-2023-27893

CVE-2023-27893 affects SAP Solution Manager and ABAP managed systems (ST-PI) with vulnerable interface exposure. A user with non-administrative role and standard remote-execution authorization can trigger an application function to perform actions outside their permissions, potentially reading or...

CVSS 8.8 | AI score 8.7 | EPSS 0.01184

CVE
added 2023/02/14 3:12 a.m. | 61 views

CVE-2023-23852

The CVE concerns SAP Solution Manager (System Monitoring) version 720 with a Cross‑Site Scripting (XSS) vulnerability caused by insufficient encoding of user‑controlled inputs. The issue is documented across multiple sources (NVD, Red Hat, PRION, CVE lists, and PT Security). Connected documents i...

CVSS 6.1 | AI score 6 | EPSS 0.00418

CVE
added 2016/12/19 6:55 a.m. | 60 views

CVE-2016-10005

CVE-2016-10005 affects SAP SolMan 7.1–7.31, via the webdynpro component path caf~eu~gp~example~timeoff~wd, enabling an anonymous, network-based attacker to disclose sensitive information defined in the system. The vulnerability is categorized as Information Disclosure and is linked to SAP Securit...

CVSS 7.5 | AI score 7.2 | EPSS 0.02424

CVE
added 2020/04/14 6:36 p.m. | 57 views

CVE-2020-6235

CVE-2020-6235 affects SAP Solution Manager (Diagnostics Agent) 7.2, where the Collector Simulator lacks authentication checks, causing Missing Authentication. Multiple sources (NVD, Red Hat, CNVD, CVE lists) describe this issue with network-facing exposure and potential high impact on confidentia...

CVSS 8.6 | AI score 8.6 | EPSS 0.01602

CVE
added 2022/12/12 9:24 p.m. | 57 views

CVE-2022-41261

CVE-2022-41261 concerns SAP Solution Manager (Diagnostic Agent) 7.20. An authenticated attacker on Windows can access a file containing sensitive data, which can be used to reach a configuration file with credentials to access other system files. Successful exploitation may grant access to files ...

CVSS 6 | AI score 5.4 | EPSS 0.00166

CVE
added 2023/02/14 3:14 a.m. | 56 views

CVE-2023-23855

SAP Solution Manager 720 is affected by an authenticated-user URL validation issue that enables redirection to a malicious site, potentially exposing or allowing modification of information and phishing, per CVE-2023-23855. Root cause: insufficient URL validation in the application. Public refere...

CVSS 6.5 | AI score 5.2 | EPSS 0.00302

CVE
added 2023/07/11 2:57 a.m. | 56 views

CVE-2023-36925

The CVE-2023-36925 issue affects SAP Solution Manager (Diagnostics agent) v7.20, where insufficient validation of incoming requests allows an unauthenticated attacker to blindly make HTTP requests. This SSRF-style flaw can lead to a limited impact on confidentiality and availability of the SAP So...

CVSS 7.2 | AI score 7.1 | EPSS 0.00536

CVE
added 2023/02/14 3:10 a.m. | 54 views

CVE-2023-0025

Summary: CVE-2023-0025 affects SAP Solution Manager (BSP Application) version 720. An authenticated attacker can craft a malicious link that, when a user clicks it, may read or modify sensitive information or craft a payload to restrict access. What is affected: SAP Solution Manager (BSP Applicat...

CVSS 6.5 | AI score 5.1 | EPSS 0.00345

CVE
added 2019/05/14 8:21 p.m. | 53 views

CVE-2019-0291

Technical details for CVE-2019-0291 are not publicly available in the provided documents. Monitor for updates; no specifics on affected products, impact, or fixes are provided.

CVSS 5.5 | AI score 5.3 | EPSS 0.00387

CVE
added 2020/11/10 4:15 p.m. | 52 views

CVE-2020-26822

SAP Solution Manager (JAVA stack) 7.20 is affected by CVE-2020-26822 due to missing authorization checks in the Outside Discovery Configuration Service, enabling an unauthenticated attacker to compromise the system with impact to integrity and availability. The consolidated sources (NVD entry and...

CVSS 10 | AI score 9.3 | EPSS 0.01284

CVE
added 2020/11/10 4:16 p.m. | 51 views

CVE-2020-26824

CVE-2020-26824 affects SAP Solution Manager (JAVA stack) version 7.20. The vulnerability is due to missing authorization checks in the Upgrade Legacy Ports Service, allowing an unauthenticated attacker to compromise the system and impacting both integrity and availability. Public disclosures in m...

CVSS 10 | AI score 9.3 | EPSS 0.01284

CVE
added 2020/06/10 12:44 p.m. | 51 views

CVE-2020-6260

SAP Solution Manager (Trace Analysis) 7.20 is affected by CVE-2020-6260 due to incomplete XML validation, enabling an attacker to inject data that the application may display, exposing data that does not exist. The issue is network-accessible with low attack complexity and requires no authenticat...

CVSS 6.5 | AI score 5.2 | EPSS 0.00775

CVE
added 2023/02/14 3:10 a.m. | 50 views

CVE-2023-0024

CVE-2023-0024 affects SAP Solution Manager (BSP Application) v720. An authenticated attacker can craft a malicious link which, when clicked by a user, may read or modify sensitive information or deliver a payload that restricts access, resulting in a Cross-Site Scripting (XSS) vulnerability. The ...

CVSS 6.5 | AI score 5.1 | EPSS 0.00385

CVE
added 2023/07/11 2:56 a.m. | 50 views

CVE-2023-36921

CVE-2023-36921 relates to SAP Solution Manager (Diagnostics agent) v7.20, where an attacker can tamper with headers in a client request, causing the SAP Diagnostics Agent to serve poisoned content to the server. The underlying impact is limited: confidentiality and availability are affected to a ...

CVSS 7.2 | AI score 6.9 | EPSS 0.00548

CVE
added 2020/12/09 4:31 p.m. | 49 views

CVE-2020-26837

SAP Solution Manager 7.2 (User Experience Monitoring) is affected by a path traversal vulnerability. An authenticated user can upload a malicious script, potentially exposing file-system data (confidentiality), partially modifying configurations (integrity) and partially impacting availability. Th...

CVSS 9.1 | AI score 8.9 | EPSS 0.01872

CVE
added 2018/04/10 3:0 p.m. | 48 views

CVE-2018-2405

SAP Solution Manager, Incident Management Work Center, versions 7.10 and 7.20, is vulnerable to a cross-site scripting flaw caused by insufficient filtering when uploading an attachment. An attacker could upload a malicious script as an attachment and have it execute in a user’s browser. Root cau...

CVSS 5.4 | AI score 5.4 | EPSS 0.00968

CVE
added 2020/12/09 4:29 p.m. | 48 views

CVE-2020-26830

CVE-2020-26830 applies to SAP Solution Manager 7.2 (User Experience Monitoring). The common thread across connected sources is a missing authorization check for authenticated users, enabling a regular user to perform operations restricted to administrators (change UX monitoring config, view agent...

CVSS 8.1 | AI score 7.9 | EPSS 0.01434

CVE
added 2014/07/31 2:0 p.m. | 47 views

CVE-2014-5175

CVE-2014-5175 affects SAP Solution Manager 7.1, specifically the License Measurement servlet, where remote attackers may bypass authentication via unspecified vectors related to a verb tampering attack and SAP_JTECHS. The available sources identify the affected product and the attack class but do...

CVSS 7.5 | AI score 7.2 | EPSS 0.01956

CVE
added 2020/10/20 1:30 p.m. | 47 views

CVE-2020-6369

CVE-2020-6369 affects SAP Solution Manager and SAP Focused Run. The issue allows an unauthenticated attacker to bypass login if the default passwords for Admin and Guest are not changed, impacting confidentiality. Affected versions are SAP Solution Manager and SAP Focused Run with updates in WILY...

CVSS 7.5 | AI score 6 | EPSS 0.02647

CVE
added 2020/11/10 4:17 p.m. | 45 views

CVE-2020-26821

CVE-2020-26821 affects SAP Solution Manager (JAVA stack) 7.20. An unauthenticated attacker can compromise the system due to missing authorization checks in the SVG Converter Service, impacting integrity and availability. Documented CVSSv3.1 base score is 10.0 (network, no privileges, no user inte...

CVSS 10 | AI score 9.3 | EPSS 0.0134

CVE
added 2018/01/09 3:0 p.m. | 44 views

CVE-2018-2361

In SAP Solution Manager 7.20, the SAP_BPO_CONFIG role grants the Business Process Operations (BPO) configuration user more authorization than required for configuring BPO tools, creating a privilege-bypass condition. Multiple sources corroborate a privilege-elevation risk leading potentially to u...

CVSS 8.8 | AI score 8.7 | EPSS 0.01245

CVE
added 2020/07/01 12:55 p.m. | 44 views

CVE-2020-6261

SAP Solution Manager (Trace Analysis) 7.20 is affected. The issue allows log injection into the trace file due to incomplete XML validation, impairing readability of trace files. No explicit remediation or patch version is provided in the connected documents. References point to SAP notes/wiki en...

CVSS 5.3 | AI score 5.5 | EPSS 0.00775

CVE
added 2020/11/10 4:17 p.m. | 42 views

CVE-2020-26823

CVE-2020-26823 affects SAP Solution Manager (JAVA stack) version 7.20, with missing authorization checks in the Upgrade Diagnostics Agent Connection Service. The issue allows an unauthenticated attacker to compromise integrity and availability of the service (CVSSv3 base score 10.0, CRITICAL; vec...

CVSS 10 | AI score 9.3 | EPSS 0.01284

CVE
added 2020/06/10 12:38 p.m. | 42 views

CVE-2020-6271

CVE-2020-6271 affects SAP Solution Manager (Problem Context Manager) version 7.2. The issue arises from insufficient authentication, enabling an attacker to cause memory exhaustion, potentially crash the system and read restricted data (files visible to diagnostics agent admins). Documents consis...

CVSS 8.2 | AI score 8 | EPSS 0.01161

CVE
added 2021/04/13 6:39 p.m. | 41 views

CVE-2021-21483

CVE-2021-21483 concerns SAP Solution Manager 720. The connected documents identify an information disclosure vulnerability whereby a high-privilege attacker can access sensitive information, affecting confidentiality beyond the vulnerable component. The CVSS data indicates network access with low...

CVSS 8.2 | AI score 4.7 | EPSS 0.00694

CVE
added 2023/12/12 1:35 a.m. | 41 views

CVE-2023-49587

CVE-2023-49587 affects SAP Solution Manager 720. The vulnerability allows an authorized attacker to execute certain deprecated function modules, enabling reading or modification of data across the same or other components over the network, with no user interaction. Root cause cited in multiple so...

CVSS 6.4 | AI score 6.5 | EPSS 0.00408

CVE
added 2014/04/10 3:0 p.m. | 40 views

CVE-2013-7363

CVE-2013-7363 concerns an unspecified vulnerability in the Diagnostics (SMD) agent of SAP Solution Manager. The connected sources describe that remote attackers can leverage vectors involving the P4 protocol to: (1) obtain sensitive information, (2) modify the configuration of applications, and ...

CVSS 7.5 | AI score 6.6 | EPSS 0.01527