Sap Se Sap Focused Run vulnerabilities

CVE-2022-27657 [LOW] CWE-22 CVE-2022-27657: A highly privileged remote attacker, can gain unauthorized access to display contents of restricted A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.

CVE-2022-24396 [HIGH] CWE-306 CVE-2022-24396: The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication The Simple Diagnostics Agent - versions 1.0 up to version 1.57, does not perform any authentication checks for functionalities that can be accessed via localhost on http port 3005. Due to lack of authentication checks, an attacker could access administrative or other privileged functionalities and read, modify, or delete sensitive information and confi

CVE-2022-24399 [MEDIUM] CWE-79 CVE-2022-24399: The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently s The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.

CVE-2021-27609 [MEDIUM] CWE-862 CVE-2021-27609: SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authentica SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.