Description
Due to a missing authorization check, an authenticated attacker could upload a file as a template for solution documentation in SAP Solution Manager 7.1. After successful exploitation, an attacker can cause limited impact on the integrity and availability of the application.
CVSS breakdown
CVSS 3.1
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low
Affected products
- SAP_SE / SAP Solution ManagerST 720 – ST 720
- SAP_SE / SAP Solution ManagerSAP_BASIS 700 – SAP_BASIS 700
- SAP_SE / SAP Solution ManagerSAP_BASIS 701 – SAP_BASIS 701
- SAP_SE / SAP Solution ManagerSAP_BASIS 702 – SAP_BASIS 702
- SAP_SE / SAP Solution ManagerSAP_BASIS 731 – SAP_BASIS 731
- SAP_SE / SAP Solution ManagerSAP_BASIS 740 – SAP_BASIS 740
- SAP_SE / SAP Solution ManagerSAP_BASIS 750 – SAP_BASIS 750
- SAP_SE / SAP Solution ManagerSAP_BASIS 751 – SAP_BASIS 751
- SAP_SE / SAP Solution ManagerSAP_BASIS 752 – SAP_BASIS 752
- SAP_SE / SAP Solution ManagerSAP_BASIS 753 – SAP_BASIS 753
- SAP_SE / SAP Solution ManagerSAP_BASIS 754 – SAP_BASIS 754
- SAP_SE / SAP Solution ManagerSAP_BASIS 755 – SAP_BASIS 755
- SAP_SE / SAP Solution ManagerSAP_BASIS 756 – SAP_BASIS 756
- SAP_SE / SAP Solution ManagerSAP_BASIS 757 – SAP_BASIS 757
- SAP_SE / SAP Solution ManagerSAP_BASIS 758 – SAP_BASIS 758
- SAP_SE / SAP Solution ManagerSAP_BASIS 914 – SAP_BASIS 914