Sap: >> Landscape Management Security Vulnerabilities
SAP Landscape Management allows an authenticated
user to read confidential data disclosed by the REST Provider Definition
response. Successful exploitation can cause high impact on confidentiality of
the managed entities.
CVSS Score
6.9
EPSS Score
0.001
Published
2024-07-09
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
CVSS Score
6.8
EPSS Score
0.001
Published
2023-04-11
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.
CVSS Score
7.2
EPSS Score
0.002
Published
2020-04-14
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
CVSS Score
7.2
EPSS Score
0.004
Published
2020-02-12
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
CVSS Score
7.2
EPSS Score
0.002
Published
2020-02-12
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
CVSS Score
4.9
EPSS Score
0.003
Published
2019-10-08
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).
CVSS Score
9.8
EPSS Score
0.034
Published
2019-02-15
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.
CVSS Score
7.5
EPSS Score
0.004
Published
2019-01-08