Primary

Context

SAP Solution Manager Directory Traversal Vulnerability Allowing Unauthorized Access to Critical Information

Vulnerability

A directory traversal vulnerability has been identified in SAP Solution Manager, allowing authorized attackers to access sensitive information. Exploitation involves using an RFC-enabled function module to read files from any managed system connected to SAP Solution Manager. This vulnerability has a high impact on confidentiality, with no effects on integrity or availability.

Impact

Successful exploitation allows unauthorized access to critical information, with a high impact on confidentiality.

Remediation

Users are advised to review and implement the SAP Security Note associated with this vulnerability. This can be done through the SAP Security Patch Day, which occurs on the second Tuesday of every month. For more information, consult the SAP Security Notes FAQ.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.8

exploitability

4.9

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

4.5

impact

0.8

exploitability

4.9

remediation

8.3

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SAP Solution Manager Directory Traversal Vulnerability Allowing Unauthorized Access to Critical Information

Vulnerability

Impact

Remediation

Affected Products

SAP Solution Manager

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating