Landscape Management
by SAP
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-39593 | 0.00 | — | 0.00 | Jul 9, 2024 | SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities. | |||
| CVE-2023-26458 | 0.00 | — | 0.01 | Apr 11, 2023 | An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and… | |||
| CVE-2020-6236 | 0.00 | — | 0.01 | Apr 14, 2020 | SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files… | |||
| CVE-2020-6191 | 0.00 | — | 0.02 | Feb 12, 2020 | SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation. | |||
| CVE-2020-6192 | 0.00 | — | 0.02 | Feb 12, 2020 | SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management. | |||
| CVE-2019-0380 | 0.00 | — | 0.01 | Oct 8, 2019 | Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure. | |||
| CVE-2019-0249 | 0.00 | — | 0.02 | Jan 8, 2019 | Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted. |
- CVE-2024-39593Jul 9, 2024risk 0.00cvss —epss 0.00
SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.
- CVE-2023-26458Apr 11, 2023risk 0.00cvss —epss 0.01
An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and…
- CVE-2020-6236Apr 14, 2020risk 0.00cvss —epss 0.01
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files…
- CVE-2020-6191Feb 12, 2020risk 0.00cvss —epss 0.02
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
- CVE-2020-6192Feb 12, 2020risk 0.00cvss —epss 0.02
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
- CVE-2019-0380Oct 8, 2019risk 0.00cvss —epss 0.01
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
- CVE-2019-0249Jan 8, 2019risk 0.00cvss —epss 0.02
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.