Product
sap solution manager
33 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2023-49587
CVE-2023-36925
CVE-2023-36921
CVE-2023-27893
CVE-2023-23855
CVE-2023-23852
CVE-2023-0025
CVE-2023-0024
CVE-2022-41275
CVE-2022-41261
CVE-2022-22544
CVE-2021-21483
CVE-2020-26837
CVE-2020-26836
CVE-2020-26830
CVE-2020-26824
CVE-2020-26823
CVE-2020-26822
CVE-2020-26821
CVE-2020-6369
CVE-2020-6261
CVE-2020-6271
CVE-2020-6260
CVE-2020-6235
CVE-2020-6207
CVE-2020-6198
CVE-2019-0307
CVE-2019-0291
CVE-2018-2405
CVE-2018-2361
CVE-2016-10005
CVE-2014-5175
CVE-2013-7363
all versions
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or
all versions
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On s
all versions
SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misle
all versions
An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Man
all versions
SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL
all versions
SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Si
all versions
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when click
all versions
SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when click
all versions
In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if cl
all versions
SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file contai
all versions
Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected D
all versions
Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive informa
all versions
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script th
all versions
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redi
all versions
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authe
all versions
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing
all versions
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing
all versions
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing
all versions
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing
all versions
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticat
all versions
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Inc
all versions
SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker t
all versions
SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the app
all versions
SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Co
all versions
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authenti
all versions
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an
all versions
Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user
all versions
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restrict
all versions
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment
all versions
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authoriz
all versions
Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/
all versions
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vecto
all versions
Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive infor