cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-36925,https://securityvulnerability.io/vulnerability/CVE-2023-36925,Unauthenticated blind SSRF in SAP Solution Manager (Diagnostics agent),"A vulnerability in the SAP Solution Manager's Diagnostics agent version 7.20 allows unauthenticated attackers to execute HTTP requests without authentication. This can lead to unauthorized commands being run against the system, potentially compromising the confidentiality and availability of the affected application and any connected systems that the Diagnostics agent has access to. Organizations using this product should be aware of the risks involved and implement necessary security measures to protect against unauthorized access.",SAP,SAP Solution Manager (diagnostics Agent),7.2,HIGH,0.0009500000160187483,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2023-36921,https://securityvulnerability.io/vulnerability/CVE-2023-36921,Header Injection in SAP Solution Manager (Diagnostic Agent),"The SAP Solution Manager's Diagnostics Agent in version 7.20 contains a vulnerability that allows an attacker to manipulate headers in a client request. This manipulation can lead the SAP Diagnostics Agent to serve incorrect or malicious content to the server. If exploited, the attacker may compromise the confidentiality and availability of the application, posing significant risks to data integrity and operational effectiveness.",SAP,SAP Solution Manager (diagnostic Agent),7.2,HIGH,0.0008699999889358878,false,false,false,false,,false,false,2023-07-11T03:15:00.000Z,0
CVE-2022-41261,https://securityvulnerability.io/vulnerability/CVE-2022-41261,,"SAP Solution Manager (Diagnostic Agent) - version 7.20, allows an authenticated attacker on Windows system to access a file containing sensitive data which can be used to access a configuration file which contains credentials to access other system files. Successful exploitation can make the attacker access files and systems for which he/she is not authorized.",SAP,Solution Manager (diagnostic Agent),6,MEDIUM,0.0004400000034365803,false,false,false,false,,false,false,2022-12-12T21:24:53.439Z,0
CVE-2020-6235,https://securityvulnerability.io/vulnerability/CVE-2020-6235,,"SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.",SAP,SAP Solution Manager (diagnostics Agent),8.6,HIGH,0.0017800000496208668,false,false,false,false,,false,false,2020-04-14T18:36:26.000Z,0
CVE-2020-6198,https://securityvulnerability.io/vulnerability/CVE-2020-6198,,"SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.",SAP,SAP Solution Manager (diagnostics Agent),9.8,CRITICAL,0.0024399999529123306,false,false,false,false,,false,false,2020-03-10T20:18:20.000Z,0
CVE-2019-0307,https://securityvulnerability.io/vulnerability/CVE-2019-0307,,"Diagnostics Agent in Solution Manager, version 7.2, stores several credentials such as SLD user connection as well as Solman user communication in the SAP Secure Storage file which is not encrypted by default. By decoding these credentials, an attacker with admin privileges could gain access to the entire configuration, but no system sensitive information can be gained.",SAP,SAP Solution Manager(diagnostics Agent),2.4,LOW,0.00343999988399446,false,false,false,false,,false,false,2019-06-12T14:21:39.000Z,0