CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2018-2405
https://notcve.org/view.php?id=CVE-2018-2405
10 Apr 2018 — SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. En SAP Solution Manager, en versiones 7.10 y 7.20, Incident Management Work Center permite que un atacante suba un script malicioso como adjunto, lo que podría conducir a un posible Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103703 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 2CVE-2016-10005 – SAP Solman 7.31 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-10005
19 Dec 2016 — Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. Webdynpro en SAP Solman 7.1 hasta la versión 7.31 permite a atacantes remotos obtener información sensible a través de la petición webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd, vulnerabilidad también conocida como SAP Security Note 2344524. SAP Solman versions 7.1 through 7.31 suffer from an inform... • https://packetstorm.news/files/id/140232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •