Sap Se Sap Landscape Management vulnerabilities

CVE-2024-39593 [MEDIUM] CWE-200 CVE-2024-39593: SAP Landscape Management allows an authenticated user to read confidential data disclosed by the RES SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.

CVE-2020-6236 [HIGH] CWE-269 CVE-2020-6236: SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.

CVE-2020-6192 [HIGH] CWE-20 CVE-2020-6192: SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.

CVE-2020-6191 [HIGH] CWE-20 CVE-2020-6191: SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.

CVE-2019-0249 [HIGH] CVE-2019-0249: Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.