Sap Solution_manager

33 CVEs affecting Sap Solution_manager. Latest disclosed: 2023-12-12. Critical: 8, High: 8.

Top CVEs affecting Sap Solution_manager
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-26824 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the U… |
| CVE-2020-26823 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the U… |
| CVE-2020-26822 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the O… |
| CVE-2020-26821 | Critical | 10.0 | 2020-11-10 | SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the S… |
| CVE-2020-6207 | Critical | 9.8 | 2020-03-10 | SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resultin… |
| CVE-2020-6198 | Critical | 9.8 | 2020-03-10 | SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remo… |
| CVE-2022-22544 | Critical | 9.1 | 2022-02-09 | Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse… |
| CVE-2020-26837 | Critical | 9.1 | 2020-12-09 | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing pa… |
| CVE-2023-27893 | High | 8.8 | 2023-03-14 | An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems… |
| CVE-2018-2361 | High | 8.8 | 2018-01-09 | In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for confi… |
| CVE-2020-6235 | High | 8.6 | 2020-04-14 | SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to… |
| CVE-2020-6271 | High | 8.2 | 2020-06-10 | SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of me… |
| CVE-2020-26830 | High | 8.1 | 2020-12-09 | SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequ… |
| CVE-2016-10005 | High | 7.5 | 2016-12-19 | Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd… |
| CVE-2023-36925 | High | 7.2 | 2023-07-11 | SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful exploitation, the a… |
| CVE-2023-36921 | High | 7.2 | 2023-07-11 | SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP Diagnostics Agent to… |
| CVE-2023-23855 | Medium | 6.5 | 2023-02-14 | SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. A successful att… |
| CVE-2023-0025 | Medium | 6.5 | 2023-02-14 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, c… |
| CVE-2023-0024 | Medium | 6.5 | 2023-02-14 | SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, c… |
| CVE-2023-49587 | Medium | 6.4 | 2023-12-12 | SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other… |