Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Sap Subscribe
Filtered by product Landscape Management
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-0249 1 Sap 1 Landscape Management 2020-08-24 5.0 MEDIUM 7.5 HIGH
Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.
CVE-2019-0261 1 Sap 1 Landscape Management 2020-08-24 7.5 HIGH 9.8 CRITICAL
Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).
CVE-2020-6236 1 Sap 2 Adaptive Extensions, Landscape Management 2020-04-15 6.5 MEDIUM 7.2 HIGH
SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.
CVE-2020-6192 1 Sap 1 Landscape Management 2020-02-19 9.0 HIGH 7.2 HIGH
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.
CVE-2020-6191 1 Sap 1 Landscape Management 2020-02-19 9.0 HIGH 7.2 HIGH
SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.
CVE-2019-0380 1 Sap 1 Landscape Management 2020-02-10 4.0 MEDIUM 4.9 MEDIUM
Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters’ default values to be part of the application logs leading to Information Disclosure.