Search

Find a vulnerability

Search criteria

    16 vulnerabilities found for landscape_management by sap

    CVE-2024-39593 (GCVE-0-2024-39593)

    Vulnerability from nvd – Published: 2024-07-09 03:51 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management
    Summary
    SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39593",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:03:46.832537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:03:52.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:15.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3466801"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Landscape Management",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "VCM 3.00"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Landscape Management allows an authenticated\nuser to read confidential data disclosed by the REST Provider Definition\nresponse. Successful exploitation can cause high impact on confidentiality of\nthe managed entities.\n\n\n\n"
                }
              ],
              "value": "SAP Landscape Management allows an authenticated\nuser to read confidential data disclosed by the REST Provider Definition\nresponse. Successful exploitation can cause high impact on confidentiality of\nthe managed entities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T03:51:46.533Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3466801"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39593",
        "datePublished": "2024-07-09T03:51:46.533Z",
        "dateReserved": "2024-06-26T09:58:24.095Z",
        "dateUpdated": "2024-08-02T04:26:15.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26458 (GCVE-0-2023-26458)

    Vulnerability from nvd – Published: 2023-04-11 02:34 – Updated: 2025-02-07 19:33
    VLAI
    Title
    Information Disclosure vulnerability in SAP Landscape Management
    Summary
    An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:53:52.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3312733"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26458",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T19:33:03.298235Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T19:33:07.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Landscape Management",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668: Exposure of Resource to Wrong Sphere",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:27:39.061Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3312733"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": " Information Disclosure vulnerability in SAP Landscape Management",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-26458",
        "datePublished": "2023-04-11T02:34:46.842Z",
        "dateReserved": "2023-02-22T21:38:25.764Z",
        "dateUpdated": "2025-02-07T19:33:07.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6236 (GCVE-0-2020-6236)

    Vulnerability from nvd – Published: 2020-04-14 18:38 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.
    CWE
    • Privilege Escalation
    Assigner
    sap
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2902456"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0"
                }
              ]
            },
            {
              "product": "SAP Adaptive Extensions",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-14T18:38:43.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2902456"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6236",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Adaptive Extensions",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.2",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2902456",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2902456"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6236",
        "datePublished": "2020-04-14T18:38:43.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6192 (GCVE-0-2020-6192)

    Vulnerability from nvd – Published: 2020-02-12 19:45 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
    CWE
    • Missing input validation
    Assigner
    sap
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2877968"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T19:45:29.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2877968"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.2",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2877968",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2877968"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6192",
        "datePublished": "2020-02-12T19:45:29.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6191 (GCVE-0-2020-6191)

    Vulnerability from nvd – Published: 2020-02-12 19:46 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
    CWE
    • Missing input validation
    Assigner
    sap
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2878030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T19:46:16.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2878030"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.2",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2878030",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2878030"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6191",
        "datePublished": "2020-02-12T19:46:16.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0380 (GCVE-0-2019-0380)

    Vulnerability from nvd – Published: 2019-10-08 19:31 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2828682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management enterprise edition",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters\u2019 default values to be part of the application logs leading to Information Disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-08T19:31:03.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2828682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0380",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management enterprise edition",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters\u2019 default values to be part of the application logs leading to Information Disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2828682",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2828682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0380",
        "datePublished": "2019-10-08T19:31:03.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0261 (GCVE-0-2019-0261)

    Vulnerability from nvd – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).
    Severity
    No CVSS data available.
    CWE
    • Missing Authentication Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP HANA Extended Application Services Affected: < 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)
    Create a notification for this product.
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2742027"
              },
              {
                "name": "106986",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106986"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP HANA Extended Application Services",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP                                                                                                               HANA 2 SPS0 (second S stands for stack)"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack))."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authentication Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2742027"
            },
            {
              "name": "106986",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106986"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP HANA Extended Application Services",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP                                                                                                               HANA 2 SPS0 (second S stands for stack)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack))."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authentication Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2742027",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2742027"
                },
                {
                  "name": "106986",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106986"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0261",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0249 (GCVE-0-2019-0249)

    Vulnerability from nvd – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              },
              {
                "name": "106464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2727624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management(VCM)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            },
            {
              "name": "106464",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2727624"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0249",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management(VCM)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                },
                {
                  "name": "106464",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106464"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2727624",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2727624"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0249",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-39593 (GCVE-0-2024-39593)

    Vulnerability from cvelistv5 – Published: 2024-07-09 03:51 – Updated: 2024-08-02 04:26
    VLAI
    Title
    [CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management
    Summary
    SAP Landscape Management allows an authenticated user to read confidential data disclosed by the REST Provider Definition response. Successful exploitation can cause high impact on confidentiality of the managed entities.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-39593",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-09T14:03:46.832537Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-09T14:03:52.791Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T04:26:15.997Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://url.sap/sapsecuritypatchday"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://me.sap.com/notes/3466801"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "SAP Landscape Management",
              "vendor": "SAP_SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "VCM 3.00"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "SAP Landscape Management allows an authenticated\nuser to read confidential data disclosed by the REST Provider Definition\nresponse. Successful exploitation can cause high impact on confidentiality of\nthe managed entities.\n\n\n\n"
                }
              ],
              "value": "SAP Landscape Management allows an authenticated\nuser to read confidential data disclosed by the REST Provider Definition\nresponse. Successful exploitation can cause high impact on confidentiality of\nthe managed entities."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.9,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "LOW",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "REQUIRED",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:L/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-200",
                  "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-07-09T03:51:46.533Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://url.sap/sapsecuritypatchday"
            },
            {
              "url": "https://me.sap.com/notes/3466801"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": "[CVE-2024-39593] Information Disclosure vulnerability in SAP Landscape Management",
          "x_generator": {
            "engine": "Vulnogram 0.2.0"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2024-39593",
        "datePublished": "2024-07-09T03:51:46.533Z",
        "dateReserved": "2024-06-26T09:58:24.095Z",
        "dateUpdated": "2024-08-02T04:26:15.997Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2023-26458 (GCVE-0-2023-26458)

    Vulnerability from cvelistv5 – Published: 2023-04-11 02:34 – Updated: 2025-02-07 19:33
    VLAI
    Title
    Information Disclosure vulnerability in SAP Landscape Management
    Summary
    An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-668 - Exposure of Resource to Wrong Sphere
    Assigner
    sap
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-02T11:53:52.754Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/3312733"
              },
              {
                "tags": [
                  "x_transferred"
                ],
                "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2023-26458",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-02-07T19:33:03.298235Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-07T19:33:07.425Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Landscape Management",
              "vendor": "SAP",
              "versions": [
                {
                  "status": "affected",
                  "version": "3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "supportingMedia": [
                {
                  "base64": false,
                  "type": "text/html",
                  "value": "\u003cp\u003eAn information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.\u003c/p\u003e"
                }
              ],
              "value": "An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.\n\n"
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-668",
                  "description": "CWE-668: Exposure of Resource to Wrong Sphere",
                  "lang": "eng",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2023-04-11T20:27:39.061Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "url": "https://launchpad.support.sap.com/#/notes/3312733"
            },
            {
              "url": "https://www.sap.com/documents/2022/02/fa865ea4-167e-0010-bca6-c68f7e60039b.html"
            }
          ],
          "source": {
            "discovery": "UNKNOWN"
          },
          "title": " Information Disclosure vulnerability in SAP Landscape Management",
          "x_generator": {
            "engine": "Vulnogram 0.1.0-dev"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2023-26458",
        "datePublished": "2023-04-11T02:34:46.842Z",
        "dateReserved": "2023-02-22T21:38:25.764Z",
        "dateUpdated": "2025-02-07T19:33:07.425Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6236 (GCVE-0-2020-6236)

    Vulnerability from cvelistv5 – Published: 2020-04-14 18:38 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.
    CWE
    • Privilege Escalation
    Assigner
    sap
    References
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.273Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2902456"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0"
                }
              ]
            },
            {
              "product": "SAP Adaptive Extensions",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Privilege Escalation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-04-14T18:38:43.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2902456"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6236",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        },
                        {
                          "product_name": "SAP Adaptive Extensions",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.2",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Privilege Escalation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2902456",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2902456"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6236",
        "datePublished": "2020-04-14T18:38:43.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.273Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6191 (GCVE-0-2020-6191)

    Vulnerability from cvelistv5 – Published: 2020-02-12 19:46 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
    CWE
    • Missing input validation
    Assigner
    sap
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.096Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2878030"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T19:46:16.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2878030"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6191",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.2",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2878030",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2878030"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6191",
        "datePublished": "2020-02-12T19:46:16.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.096Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2020-6192 (GCVE-0-2020-6192)

    Vulnerability from cvelistv5 – Published: 2020-02-12 19:45 – Updated: 2024-08-04 08:55
    VLAI
    Summary
    SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
    CWE
    • Missing input validation
    Assigner
    sap
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T08:55:22.058Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2877968"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "= 3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management."
            }
          ],
          "metrics": [
            {
              "cvssV3_0": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 7.2,
                "baseSeverity": "HIGH",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "HIGH",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing input validation",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2020-02-12T19:45:29.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2877968"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2020-6192",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "=",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management."
                }
              ]
            },
            "impact": {
              "cvss": {
                "baseScore": "7.2",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.0"
              }
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing input validation"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2877968",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2877968"
                },
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2020-6192",
        "datePublished": "2020-02-12T19:45:29.000Z",
        "dateReserved": "2020-01-08T00:00:00.000Z",
        "dateUpdated": "2024-08-04T08:55:22.058Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0380 (GCVE-0-2019-0380)

    Vulnerability from cvelistv5 – Published: 2019-10-08 19:31 – Updated: 2024-08-04 17:51
    VLAI
    Summary
    Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:51:26.927Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2828682"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management enterprise edition",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0"
                }
              ]
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters\u2019 default values to be part of the application logs leading to Information Disclosure."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-10-08T19:31:03.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2828682"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0380",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management enterprise edition",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters\u2019 default values to be part of the application logs leading to Information Disclosure."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050",
                  "refsource": "CONFIRM",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=528123050"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2828682",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2828682"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0380",
        "datePublished": "2019-10-08T19:31:03.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:51:26.927Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0261 (GCVE-0-2019-0261)

    Vulnerability from cvelistv5 – Published: 2019-02-15 18:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).
    Severity
    No CVSS data available.
    CWE
    • Missing Authentication Check
    Assigner
    sap
    References
    Impacted products
    Vendor Product Version
    SAP SE SAP HANA Extended Application Services Affected: < 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)
    Create a notification for this product.
    Date Public
    2019-02-12 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.376Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2742027"
              },
              {
                "name": "106986",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106986"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP HANA Extended Application Services",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP                                                                                                               HANA 2 SPS0 (second S stands for stack)"
                }
              ]
            }
          ],
          "datePublic": "2019-02-12T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack))."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Missing Authentication Check",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-02-16T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2742027"
            },
            {
              "name": "106986",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106986"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0261",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP HANA Extended Application Services",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP                                                                                                               HANA 2 SPS0 (second S stands for stack)"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack))."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Missing Authentication Check"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=510922943"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2742027",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2742027"
                },
                {
                  "name": "106986",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106986"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0261",
        "datePublished": "2019-02-15T18:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.376Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2019-0249 (GCVE-0-2019-0249)

    Vulnerability from cvelistv5 – Published: 2019-01-08 20:00 – Updated: 2024-08-04 17:44
    VLAI
    Summary
    Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.
    Severity
    No CVSS data available.
    CWE
    • Information Disclosure
    Assigner
    sap
    References
    Impacted products
    Date Public
    2019-01-08 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-04T17:44:16.381Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
              },
              {
                "name": "106464",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/106464"
              },
              {
                "tags": [
                  "x_refsource_MISC",
                  "x_transferred"
                ],
                "url": "https://launchpad.support.sap.com/#/notes/2727624"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "SAP Landscape Management(VCM)",
              "vendor": "SAP SE",
              "versions": [
                {
                  "status": "affected",
                  "version": "\u003c 3.0"
                }
              ]
            }
          ],
          "datePublic": "2019-01-08T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "Information Disclosure",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2019-01-09T10:57:01.000Z",
            "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            "shortName": "sap"
          },
          "references": [
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
            },
            {
              "name": "106464",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/106464"
            },
            {
              "tags": [
                "x_refsource_MISC"
              ],
              "url": "https://launchpad.support.sap.com/#/notes/2727624"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cna@sap.com",
              "ID": "CVE-2019-0249",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "SAP Landscape Management(VCM)",
                          "version": {
                            "version_data": [
                              {
                                "version_name": "\u003c",
                                "version_value": "3.0"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "SAP SE"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "Information Disclosure"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985",
                  "refsource": "MISC",
                  "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=509151985"
                },
                {
                  "name": "106464",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/106464"
                },
                {
                  "name": "https://launchpad.support.sap.com/#/notes/2727624",
                  "refsource": "MISC",
                  "url": "https://launchpad.support.sap.com/#/notes/2727624"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "assignerShortName": "sap",
        "cveId": "CVE-2019-0249",
        "datePublished": "2019-01-08T20:00:00.000Z",
        "dateReserved": "2018-11-26T00:00:00.000Z",
        "dateUpdated": "2024-08-04T17:44:16.381Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }