SAP Solution Manager Missing Input Sanitation Vulnerability Allowing Code Injection

Vulnerability

A vulnerability exists in SAP Solution Manager due to inadequate input sanitation, enabling authenticated attackers to inject malicious code via remote-enabled function module calls. This flaw could grant attackers complete control over the system, significantly compromising the system's confidentiality, integrity, and availability.

Impact

Exploitation of this vulnerability could lead to unauthorized code execution, allowing attackers to gain full control over the affected system.

Remediation

Users are advised to consult the SAP Security Notes for guidance on applying the necessary patches. SAP Security Notes can be accessed through the SAP for Me platform, under SAP Security Patch Day.

Added: Nov 11, 2025, 1:30 AM
Updated: Nov 11, 2025, 1:30 AM

Vulnerability Rating

Custom Algorithm
spread: 4.5
impact: 7.5
exploitability: 4.9
remediation: 6.0
relevance: 1.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.