SAP Solution Manager Missing Input Sanitation Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability in SAP Solution Manager has been identified, allowing authenticated attackers to execute malicious code by exploiting remote-enabled function modules. This issue arises from inadequate input validation, which could lead to a complete takeover of the system, significantly compromising its confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could result in remote code execution, allowing an attacker to gain full control over the affected system.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying necessary patches. SAP Security Patch Day occurs on the second Tuesday of each month, when SAP releases security updates. For more information, refer to the SAP Security Notes FAQ.

Added: Dec 9, 2025, 7:25 PM
Updated: Dec 9, 2025, 7:25 PM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 6.0
relevance: 1.3
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.