Vulnerabilities > SAP > Focused RUN > Medium

DATE CVE VULNERABILITY TITLE RISK
2022-03-10 CVE-2022-24399 Cross-site Scripting vulnerability in SAP Focused RUN 200/300
The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.
network
low complexity
sap CWE-79
6.1
2020-10-20 CVE-2020-6369 Unspecified vulnerability in SAP Focused RUN and Solution Manager
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.
network
sap
4.3