Every CVE whose affected-product data names Sap Solution Manager, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (33)
CVE-2020-26824 — CVSS 10.0 (critical): SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing…
CVE-2020-26821 — CVSS 10.0 (critical): SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing…
CVE-2020-26822 — CVSS 10.0 (critical): SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing…
CVE-2020-26823 — CVSS 10.0 (critical): SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing…
CVE-2020-6198 — CVSS 9.8 (critical): SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker…
CVE-2022-22544 — CVSS 9.1 (critical): Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute code on all connected…
CVE-2020-26837 — CVSS 9.1 (critical): SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can…
CVE-2023-27893 — CVSS 8.8 (high): An attacker authenticated as a user with a non-administrative role and a common remote execution authorization in SAP Solution Manager and…
CVE-2018-2361 — CVSS 8.8 (high): In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization…
CVE-2020-6235 — CVSS 8.6 (high): SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector…
CVE-2020-6271 — CVSS 8.2 (high): SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume…
CVE-2020-26830 — CVSS 8.1 (high): SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated…
CVE-2013-7363 — CVSS 7.5 (high): Unspecified vulnerability in the Diagnostics (SMD) agent in SAP Solution Manager allows remote attackers to obtain sensitive information…
CVE-2014-5175 — CVSS 7.5 (high): The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors…
CVE-2016-10005 — CVSS 7.5 (high): Webdynpro in SAP Solman 7.1 through 7.31 allows remote attackers to obtain sensitive information via webdynpro/dispatcher/sap.com/caf~eu~gp~…
CVE-2023-36925 — CVSS 7.2 (high): SAP Solution Manager (Diagnostics agent) - version 7.20, allows an unauthenticated attacker to blindly execute HTTP requests. On successful…
CVE-2023-36921 — CVSS 7.2 (high): SAP Solution Manager (Diagnostics agent) - version 7.20, allows an attacker to tamper with headers in a client request. This misleads SAP…
CVE-2023-0024 — CVSS 6.5 (medium): SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an…
CVE-2023-23855 — CVSS 6.5 (medium): SAP Solution Manager - version 720, allows an authenticated attacker to redirect users to a malicious site due to insufficient URL…
CVE-2023-0025 — CVSS 6.5 (medium): SAP Solution Manager (BSP Application) - version 720, allows an authenticated attacker to craft a malicious link, which when clicked by an…
CVE-2023-49587 — CVSS 6.4 (medium): SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify…
CVE-2022-41275 — CVSS 6.1 (medium): In SAP Solution Manager (Enterprise Search) - versions 740, and 750, an unauthenticated attacker can generate a link that, if clicked by a…
CVE-2020-26836 — CVSS 6.1 (medium): SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect…
CVE-2023-23852 — CVSS 6.1 (medium): SAP Solution Manager (System Monitoring) - version 720, does not sufficiently encode user-controlled inputs, resulting in Cross-Site…
CVE-2022-41261 — CVSS 6.0 (medium): SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing…
CVE-2020-6369 — CVSS 5.9 (medium): SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated…
CVE-2019-0291 — CVSS 5.5 (medium): Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
CVE-2018-2405 — CVSS 5.4 (medium): SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this…
CVE-2020-6260 — CVSS 5.3 (medium): SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to inject superflous data that can be displayed by the application…
CVE-2020-6261 — CVSS 5.3 (medium): SAP Solution Manager (Trace Analysis), version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete…
CVE-2021-21483 — CVSS 4.9 (medium): Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information…
CVE-2019-0307 — CVSS 2.4 (low): Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user…