Vulnerabilities (CVE)

Filtered by vendor Sap Subscribe
Filtered by product Focused Run
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2022-27657 1 Sap 1 Focused Run 2024-11-21 4.0 MEDIUM 2.7 LOW
A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple Diagnostics Agent 1.0) - version 1.0.
CVE-2022-24399 1 Sap 1 Focused Run 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting (XSS) vulnerability.
CVE-2021-27609 1 Sap 1 Focused Run 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP EarlyWatch Alert service data collection and sending to SAP without the intended authorization.
CVE-2020-6369 1 Sap 2 Focused Run, Solution Manager 2024-11-21 4.3 MEDIUM 5.9 MEDIUM
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.