Vulnerabilities > SAP > Solution Manager
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-49587 | Command Injection vulnerability in SAP Solution Manager 720 SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network. | 6.4 |
| 2023-07-11 | CVE-2023-36921 | Improper Encoding or Escaping of Output vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. | 7.2 |
| 2023-07-11 | CVE-2023-36925 | Server-Side Request Forgery (SSRF) vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. | 7.2 |
| 2023-02-14 | CVE-2023-0024 | Cross-site Scripting vulnerability in SAP Solution Manager 720 SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources, resulting in Cross-Site Scripting vulnerability. | 5.4 |
| 2023-02-14 | CVE-2023-0025 | Cross-site Scripting vulnerability in SAP Solution Manager 720 SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an unsuspecting user, can be used to read or modify some sensitive information or craft a payload which may restrict access to the desired resources. | 5.4 |
| 2023-02-14 | CVE-2023-23852 | Cross-site Scripting vulnerability in SAP Solution Manager 720 SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. | 6.1 |
| 2023-02-14 | CVE-2023-23855 | Open Redirect vulnerability in SAP Solution Manager 720 SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL validation. | 5.4 |
| 2022-12-13 | CVE-2022-41275 | Open Redirect vulnerability in SAP Solution Manager 740/750 In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a logged-in user, can be redirected to a malicious page that could read or modify sensitive information, or expose the user to a phishing attack, with little impact on confidentiality and integrity. | 6.1 |
| 2022-12-12 | CVE-2022-41261 | Unspecified vulnerability in SAP Solution Manager 7.20 SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. | 5.5 |
| 2022-02-09 | CVE-2022-22544 | Unspecified vulnerability in SAP Solution Manager 7.20 Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected Diagnostics Agents and browse files on their systems. | 9.1 |