CVSS: 6.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39593 – [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management
https://notcve.org/view.php?id=CVE-2024-39593
09 Jul 2024 — SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities. SAP Landscape Management permite a un usuario autenticado leer datos confidenciales revelados por la respuesta de Provider Definition REST. La explotación exitosa puede causar un gran impacto en la confidencialidad de las entidades gestionadas. SAP Landscape Management allows an authentica... • https://me.sap.com/notes/3466801 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.7EPSS: 0%CPEs: 1EXPL: 0CVE-2023-26458 – Information Disclosure vulnerability in SAP Landscape Management
https://notcve.org/view.php?id=CVE-2023-26458
11 Apr 2023 — An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate... • https://launchpad.support.sap.com/#/notes/3312733 • CWE-668: Exposure of Resource to Wrong Sphere •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2020-6236
https://notcve.org/view.php?id=CVE-2020-6236
14 Apr 2020 — SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation. SAP Landscape Management, versión 3.0, y SAP Adaptive Extensions, versión 1.0, permite a un atacante con privilegios admin_group cambiar la propiedad y los permi... • https://launchpad.support.sap.com/#/notes/2902456 • CWE-269: Improper Privilege Management •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6191
https://notcve.org/view.php?id=CVE-2020-6191
12 Feb 2020 — SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. SAP Landscape Management, versión 3.0, permite a un atacante con privilegios de administrador ejecutar archivos ejecutables maliciosos con privilegios root en SAP Host Agent por medio de SAP Landscape Management, debido a una Falta de Comprobación de Entrada. • https://launchpad.support.sap.com/#/notes/2878030 • CWE-20: Improper Input Validation •
CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6192
https://notcve.org/view.php?id=CVE-2020-6192
12 Feb 2020 — SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. SAP Landscape Management, versión 3.0, permite a un atacante con privilegios de administrador ejecutar comandos maliciosos con privilegios root en SAP Host Agent, por medio de SAP Landscape Management. • https://launchpad.support.sap.com/#/notes/2877968 • CWE-20: Improper Input Validation •
CVSS: 4.9EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0380
https://notcve.org/view.php?id=CVE-2019-0380
08 Oct 2019 — Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. Bajo determinadas condiciones, la edición empresarial de SAP Landscape Management, anterior a la versión 3.0, permite que los valores predeterminados de los parámetros seguros personalizados formen parte de los registros de la aplicación que conducen a la divulgación de información. • https://launchpad.support.sap.com/#/notes/2828682 • CWE-532: Insertion of Sensitive Information into Log File •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 0CVE-2019-0261
https://notcve.org/view.php?id=CVE-2019-0261
15 Feb 2019 — Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)). En determinadas circunstancias, SAP HANA Extended Application Services, en el modelo avanzado (XS advanced) no realiza las comprobaciones de autenticación correctamente para la plataforma XS advanced y los usuarios de negoc... • http://www.securityfocus.com/bid/106986 • CWE-306: Missing Authentication for Critical Function •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-0249
https://notcve.org/view.php?id=CVE-2019-0249
08 Jan 2019 — Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. En ciertas condiciones, SAP Landscape Management (VCM 3.0) permite que un atacante acceda a información que normalmente estaría restringida. • http://www.securityfocus.com/bid/106464 •