CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2018-2361
https://notcve.org/view.php?id=CVE-2018-2361
09 Jan 2018 — In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. En SAP Solution Manager 7.20, el rol SAP_BPO_CONFIG otorga al usuario de configuración Business Process Operations (BPO) más autorización de la requerida para configurar las herramientas BPO. • http://www.securityfocus.com/bid/102450 • CWE-863: Incorrect Authorization •
CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 2CVE-2016-10005 – SAP Solman 7.31 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-10005
19 Dec 2016 — Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. Webdynpro en SAP Solman 7.1 hasta la versión 7.31 permite a atacantes remotos obtener información sensible a través de la petición webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd, vulnerabilidad también conocida como SAP Security Note 2344524. SAP Solman versions 7.1 through 7.31 suffer from an inform... • https://packetstorm.news/files/id/140232 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2014-5175
https://notcve.org/view.php?id=CVE-2014-5175
31 Jul 2014 — The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS. El servlet License Measurement en SAP Solution Manager 7.1 permite a atacantes remotos evadir la autenticación a través de vectores no especificados, relacionado con un ataque de la manipulación de verbos y SAP_JTECHS. • http://scn.sap.com/docs/DOC-8218 • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 1%CPEs: 1EXPL: 0CVE-2013-7363
https://notcve.org/view.php?id=CVE-2013-7363
10 Apr 2014 — Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol. Vulnerabilidad no especificada en el agente Diagnostics (SMD) en SAP Solution Manager permite a atacantes remotos obtener información sensible, modificar la configuración de aplicaciones y instalar o eliminar aplicaciones a través de vectores involucrando el... • http://archives.neohapsis.com/archives/bugtraq/2013-02/0134.html •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2014-1960
https://notcve.org/view.php?id=CVE-2014-1960
14 Feb 2014 — The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors. Solution Manager en SAP NetWeaver no restringe debidamente el acceso, lo que permite a atacantes remotos obtener información sensible a través de vectores no especificados. • http://scn.sap.com/docs/DOC-8218 • CWE-264: Permissions, Privileges, and Access Controls •