- Description
- SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.
- Source
- cna@sap.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 10
- Impact score
- 5.8
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 10
- Impact score
- 5.8
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 6.4
- Impact score
- 4.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:N/I:P/A:P
- nvd@nist.gov
- CWE-306
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AF78CCAF-7998-4C44-AA4D-B443DBEDAB00"
}
],
"operator": "OR"
}
]
}
]