CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Nov 2020 — SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service; this impacts the integrity and availability of the service. • https://launchpad.support.sap.com/#/notes/2985866 • CWE-306: Missing Authentication for Critical Function

CVSS: 10.0 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Nov 2020 — SAP Solution Manager (JAVA stack), version 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service; this impacts the integrity and availability of the service. • https://launchpad.support.sap.com/#/notes/2985866 • CWE-306: Missing Authentication for Critical Function

CVSS: 5.3 • EPSS: 0% • CPEs: 1 • EXPL: 0

01 Jul 2020 — SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired. • https://launchpad.support.sap.com/#/notes/2915126 • CWE-20: Improper Input Validation • CWE-116: Improper Encoding or Escaping of Output

CVSS: 6.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Jun 2020 — SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superfluous data that can be displayed by the application, due to Incomplete XML Validation. The application shows additional data that do not actually exist. • https://launchpad.support.sap.com/#/notes/2915126 • CWE-91: XML Injection (aka Blind XPath Injection)

CVSS: 10.0 • EPSS: 97% • CPEs: 1 • EXPL: 5

10 Mar 2020 — SAP Solution Manager (User Experience Monitoring), version 7.2, due to a Missing Authentication Check, does not perform any authentication for a service, resulting in complete compromise of all SMDAgents connected to the Solution Manager. A malicious unaut... • https://packetstorm.news/files/id/180811 • CWE-306: Missing Authentication for Critical Function

CVSS: 9.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Mar 2020 — SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to a Missing Authentication Check. • https://launchpad.support.sap.com/#/notes/2845377 • CWE-306: Missing Authentication for Critical Function • CWE-319: Cleartext Transmission of Sensitive Information

CVSS: 5.4 • EPSS: 0% • CPEs: 2 • EXPL: 0

10 Apr 2018 — In SAP Solution Manager 7.10 and 7.20, the Incident Management Work Center allows an attacker to upload a malicious script as an attachment, which could lead to Cross-Site Scripting. • http://www.securityfocus.com/bid/103703 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

09 Jan 2018 — In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. • http://www.securityfocus.com/bid/102450 • CWE-863: Incorrect Authorization

CVSS: 7.5 • EPSS: 0% • CPEs: 9 • EXPL: 2

19 Dec 2016 — Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. SAP Solman versions 7.1 through 7.31 suffer from an inform... • https://packetstorm.news/files/id/140232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor