Skip to main content

Focused Run

4 CVEs product

Monthly

CVE-2022-27657 LOW Monitor

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Path Traversal Focused Run
NVD
CVSS 3.1
2.7
EPSS
2.5%
CVE-2022-24399 MEDIUM POC This Month

The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Focused Run
NVD
CVSS 3.1
6.1
EPSS
1.4%
CVE-2021-27609 MEDIUM This Month

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Focused Run
NVD
CVSS 3.1
6.5
EPSS
0.5%
CVE-2020-6369 MEDIUM This Month

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP Authentication Bypass Focused Run Solution Manager
NVD
CVSS 3.1
5.9
EPSS
2.6%
EPSS 2% CVSS 2.7
LOW Monitor

A highly privileged remote attacker, can gain unauthorized access to display contents of restricted directories by exploiting insufficient validation of path information in SAP Focused Run (Simple. Rated low severity (CVSS 2.7), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Authentication Bypass SAP Path Traversal +1
NVD
EPSS 1% CVSS 6.1
MEDIUM POC This Month

The SAP Focused Run (Real User Monitoring) - versions 200, 300, REST service does not sufficiently sanitize the input name of the file using multipart/form-data, resulting in Cross-Site Scripting. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS SAP Focused Run
NVD
EPSS 1% CVSS 6.5
MEDIUM This Month

SAP Focused RUN versions 200, 300, does not perform necessary authorization checks for an authenticated user, which allows a user to call the oData service and manipulate the activation for the SAP. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SAP Authentication Bypass Focused Run
NVD
EPSS 3% CVSS 5.9
MEDIUM This Month

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

SAP Authentication Bypass Focused Run +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy