Page 4 of 19 results (0.008 seconds)

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check. SAP Solution Manager (Diagnostics Agent), versión 720, permite conexiones no cifradas de fuentes no autenticadas. Esto permite a un atacante controlar todas las funciones remotas en el Agente debido a una Falta de Comprobación de Autenticación. • https://launchpad.support.sap.com/#/notes/2845377 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 • CWE-306: Missing Authentication for Critical Function CWE-319: Cleartext Transmission of Sensitive Information •

CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0

SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting. En SAP Solution Manager, en versiones 7.10 y 7.20, Incident Management Work Center permite que un atacante suba un script malicioso como adjunto, lo que podría conducir a un posible Cross-Site Scripting (XSS). • http://www.securityfocus.com/bid/103703 https://blogs.sap.com/2018/04/10/sap-security-patch-day-april-2018 https://launchpad.support.sap.com/#/notes/2372688 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0

In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools. En SAP Solution Manager 7.20, el rol SAP_BPO_CONFIG otorga al usuario de configuración Business Process Operations (BPO) más autorización de la requerida para configurar las herramientas BPO. • http://www.securityfocus.com/bid/102450 https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018 https://launchpad.support.sap.com/#/notes/2507934 • CWE-863: Incorrect Authorization •

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 1

Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. Webdynpro en SAP Solman 7.1 hasta la versión 7.31 permite a atacantes remotos obtener información sensible a través de la petición webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd, vulnerabilidad también conocida como SAP Security Note 2344524. SAP Solman versions 7.1 through 7.31 suffer from an information disclosure vulnerability. • http://packetstormsecurity.com/files/140232/SAP-Solman-7.31-Information-Disclosure.html http://seclists.org/fulldisclosure/2016/Dec/69 http://www.securityfocus.com/bid/92949 https://erpscan.io/advisories/erpscan-16-035-sap-solman-user-accounts-dislosure • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •