CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-27893 – Arbitrary Code Execution in SAP Solution Manager and ABAP managed systems (ST-PI)
https://notcve.org/view.php?id=CVE-2023-27893
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and ABAP managed systems (ST-PI) - versions 2088_1_700, 2008_1_710, 740, can use a vulnerable interface to execute an application function to perform actions which they would not normally be permitted to perform. Depending on the function executed, the attack can read or modify any user or application data and can make the application unavailable. • https://launchpad.support.sap.com/#/notes/3296476 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2022-41275
https://notcve.org/view.php?id=CVE-2022-41275
In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity. En SAP Solution Manager (Enterprise Search), versiones 740 y 750, un atacante no autenticado puede generar un enlace que, si un usuario que ha iniciado sesión hace clic en él, puede ser redirigido a una página maliciosa que podría leer o modificar información confidencial, o exponer al usuario a un ataque de phishing, con poco impacto en la confidencialidad e integridad. • https://launchpad.support.sap.com/#/notes/3271313 https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2019-0293
https://notcve.org/view.php?id=CVE-2019-0293
Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740). La lectura del destino de RFC no siempre realiza la comprobación de autorización, dando como resultado una escalada de privilegios para acceder a la información en los destinos en RFC en sistemas administrados y en sistemas SAP Solution Manager ( ST-PI, versiones anteriores 2008_1_700, 2008_1_710, and 740). • http://www.securityfocus.com/bid/108324 https://launchpad.support.sap.com/#/notes/2756625 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032 • CWE-862: Missing Authorization •