CVE-2018-2405
https://notcve.org/view.php?id=CVE-2018-2405
In SAP Solution Manager 7.10 and 7.20, the Incident Management Work Center allows an attacker to upload a malicious script as an attachment, which could lead to possible Cross-Site Scripting (XSS).
• http://www.securityfocus.com/bid/103703
• https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018
• https://launchpad.support.sap.com/#/notes/2372688
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2016-10005 – SAP Solman 7.31 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-10005
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. SAP Solman versions 7.1 through 7.31 suffer from an information disclosure vulnerability.
• http://packetstormsecurity.com/files/140232/SAP-Solman-7.31-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2016/Dec/69
• http://www.securityfocus.com/bid/92949
• https://erpscan.io/advisories/erpscan-16-035-sap-solman-user-accounts-dislosure
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor