- EPSS 0.29%
- Published 12.04.2022 17:15:10
- Last modified 21.11.2024 06:56:06
A highly privileged remote attacker can gain unauthorized access to display the contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
CVE-2022-24399
- EPSS 0.74%
- Published 10.03.2022 17:46:11
- Last modified 21.11.2024 06:50:20
The REST service of SAP Focused Run (Real User Monitoring), versions 200 and 300, does not sufficiently sanitize the input file name sent using multipart/form-data, resulting in a Cross-Site Scripting (XSS) vulnerability.
CVE-2021-27609
- EPSS 0.14%
- Published 13.04.2021 19:15:15
- Last modified 21.11.2024 05:58:17
SAP Focused RUN, versions 200 and 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending...
CVE-2020-6369
- EPSS 0.95%
- Published 20.10.2020 14:15:14
- Last modified 21.11.2024 05:35:35
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the admi...