SAP SE SAP Solution Manager vulnerabilities
8 known vulnerabilities affecting sap_se/sap_solution_manager.
Total CVEs: 8
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 2, HIGH 1, MEDIUM 5
Vulnerabilities
CVE-2025-42880 | CRITICAL | CVSS 9.9 | CWE-94 | versions: ST 720 | 2025-12-09
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.
Sources: cvelistv5, nvd
CVE-2025-42887 | CRITICAL | CVSS 9.9 | CWE-94 | versions: ST 720 | 2025-11-11
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availability of the system.
Sources: cvelistv5, nvd
CVE-2025-30017 | MEDIUM | CVSS 4.4 | CWE-862 | versions: ST 720, SAP_BASIS 700 +14 more | 2025-04-08
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.
Sources: cvelistv5, nvd
CVE-2023-49587 | MEDIUM | CVSS 6.4 | CWE-77 | versions: 720 | 2023-12-12
SAP Solution Manager - version 720, allows an authorized attacker to execute certain deprecated function modules which can read or modify data of same or other component without user interaction over the network.
Sources: cvelistv5, nvd
CVE-2021-21483 | MEDIUM | CVSS 4.9 | fixed in 720 | 2021-04-13
Under certain conditions SAP Solution Manager, version - 720, allows a high privileged attacker to get access to sensitive information which has a direct serious impact beyond the exploitable component thereby affecting the confidentiality in the application.
Sources: cvelistv5, nvd
CVE-2019-0291 | MEDIUM | CVSS 5.5 | fixed in 7.2 | 2019-05-14
Under certain conditions Solution Manager, version 7.2, allows an attacker to access information which would otherwise be restricted.
Sources: cvelistv5, nvd
CVE-2018-2405 | MEDIUM | CVSS 5.4 | CWE-79 | versions: 7.10, 7.20 | 2018-04-10
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
Sources: cvelistv5, nvd
CVE-2018-2361 | HIGH | CVSS 8.8 | CWE-863 | versions: 7.20 | 2018-01-09
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.
Sources: cvelistv5, nvd