Sap Solution_manager
33 CVEs affecting Sap Solution_manager. Latest disclosed: 2023-12-12. Critical: 8, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-26824 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the U… |
| CVE-2020-26823 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the U… |
| CVE-2020-26822 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the O… |
| CVE-2020-26821 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the S… |
| CVE-2020-6207 | Critical | 9.8 | 2020-03-10 | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resultin… |
| CVE-2020-6198 | Critical | 9.8 | 2020-03-10 | SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remo… |
| CVE-2022-22544 | Critical | 9.1 | 2022-02-09 | Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse… |
| CVE-2020-26837 | Critical | 9.1 | 2020-12-09 | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing pa… |
| CVE-2023-27893 | High | 8.8 | 2023-03-14 | An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems… |
| CVE-2018-2361 | High | 8.8 | 2018-01-09 | In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for confi… |
| CVE-2020-6235 | High | 8.6 | 2020-04-14 | SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to… |
| CVE-2020-6271 | High | 8.2 | 2020-06-10 | SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of me… |
| CVE-2020-26830 | High | 8.1 | 2020-12-09 | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequ… |
| CVE-2016-10005 | High | 7.5 | 2016-12-19 | Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd… |
| CVE-2023-36925 | High | 7.2 | 2023-07-11 | SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the a… |
| CVE-2023-36921 | High | 7.2 | 2023-07-11 | SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to… |
| CVE-2023-23855 | Medium | 6.5 | 2023-02-14 | SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful att… |
| CVE-2023-0025 | Medium | 6.5 | 2023-02-14 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, c… |
| CVE-2023-0024 | Medium | 6.5 | 2023-02-14 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, c… |
| CVE-2023-49587 | Medium | 6.4 | 2023-12-12 | SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other… |