Known Vulnerabilities
CVE-2018-2405
SAP Solution Manager, 7.10, 7.20, Incident Management Work Center allows an attacker to upload a malicious script as an attachment and this could lead to possible Cross-Site Scripting.
MEDIUM
CVSS 5.4
Published Apr 10, 2018
CVE-2018-2361
In SAP Solution Manager 7.20, the role SAP_BPO_CONFIG gives the Business Process Operations (BPO) configuration user more authorization than required for configuring the BPO tools.
UNKNOWN
Published Jan 09, 2018