CVE-2018-2361
https://notcve.org/view.php?id=CVE-2018-2361
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.
References:
• http://www.securityfocus.com/bid/102450
• https://blogs.sap.com/2018/01/09/sap-security-patch-day-january-2018
• https://launchpad.support.sap.com/#/notes/2507934
CWE-863: Incorrect Authorization
CVE-2016-10005 – SAP Solman 7.31 Information Disclosure
https://notcve.org/view.php?id=CVE-2016-10005
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd requests, aka SAP Security Note 2344524. SAP Solman versions 7.1 through 7.31 suffer from an information disclosure vulnerability.
References:
• http://packetstormsecurity.com/files/140232/SAP-Solman-7.31-Information-Disclosure.html
• http://seclists.org/fulldisclosure/2016/Dec/69
• http://www.securityfocus.com/bid/92949
• https://erpscan.io/advisories/erpscan-16-035-sap-solman-user-accounts-dislosure
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-5175
https://notcve.org/view.php?id=CVE-2014-5175
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
References:
• http://scn.sap.com/docs/DOC-8218
• http://seclists.org/fulldisclosure/2014/Jul/151
• http://secunia.com/advisories/59548
• http://www.onapsis.com/resources/get.php?resid=adv_onapsis-2014-023
• http://www.securityfocus.com/bid/68949
• https://exchange.xforce.ibmcloud.com/vulnerabilities/94932
• https://service.sap.com/sap/support/notes/1778940
CWE-287: Improper Authentication
CVE-2013-7363
https://notcve.org/view.php?id=CVE-2013-7363
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information, modify the configuration of applications, and install or remove applications via vectors involving the P4 protocol.
References:
• http://archives.neohapsis.com/archives/bugtraq/2013-02/0134.html
• http://scn.sap.com/docs/DOC-8218
• http://www.onapsis.com/get.php?resid=adv_onapsis-2013-006
• http://www.onapsis.com/research-advisories.php
• https://service.sap.com/sap/support/notes/1774568
CVE-2014-1960
https://notcve.org/view.php?id=CVE-2014-1960
The Solution Manager in SAP NetWeaver does not properly restrict access, which allows remote attackers to obtain sensitive information via unspecified vectors.
References:
• http://scn.sap.com/docs/DOC-8218
• http://secunia.com/advisories/56942
• https://erpscan.io/advisories/erpscan-14-004-sap-netweaver-solution-manager-missing-authorization-check-information-disclosure
• https://exchange.xforce.ibmcloud.com/vulnerabilities/91093
• https://service.sap.com/sap/support/notes/1828885
CWE-264: Permissions, Privileges, and Access Controls