Landscape Management SAP Landscape Management

Do you want an email whenever new security vulnerabilities are reported in SAP Landscape Management?

By the Year

In 2024 there have been 0 vulnerabilities in SAP Landscape Management . Last year Landscape Management had 1 security vulnerability published. Right now, Landscape Management is on track to have less security vulnerabilities in 2024 than it did last year.

Year Vulnerabilities Average Score
2024 0 0.00
2023 1 8.70
2022 0 0.00
2021 0 0.00
2020 3 7.20
2019 3 7.40
2018 0 0.00

It may take a day or so for new Landscape Management vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent SAP Landscape Management Security Vulnerabilities

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition

CVE-2023-26458 8.7 - High - April 11, 2023

An information disclosure vulnerability exists in SAP Landscape Management - version 3.0, enterprise edition. It allows an authenticated SAP Landscape Management user to obtain privileged access to other systems making those other systems vulnerable to information disclosure and modification.The disclosed information is for Diagnostics Agent Connection via Java SCS Message Server of an SAP Solution Manager system and can only be accessed by authenticated SAP Landscape Management users, but they can escalate their privileges to the SAP Solution Manager system.

Exposure of Resource to Wrong Sphere

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0

CVE-2020-6236 7.2 - High - April 14, 2020

SAP Landscape Management, version 3.0, and SAP Adaptive Extensions, version 1.0, allows an attacker with admin_group privileges to change ownership and permissions (including S-user ID bit s-bit) of arbitrary files remotely. This results in the possibility to execute these files as root user from a non-root context, leading to Privilege Escalation.

Improper Privilege Management

SAP Landscape Management, version 3.0

CVE-2020-6191 7.2 - High - February 12, 2020

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious executables with root privileges in SAP Host Agent via SAP Landscape Management due to Missing Input Validation.

Improper Input Validation

SAP Landscape Management, version 3.0

CVE-2020-6192 7.2 - High - February 12, 2020

SAP Landscape Management, version 3.0, allows an attacker with admin privileges to execute malicious commands with root privileges in SAP Host Agent via SAP Landscape Management.

Improper Input Validation

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0

CVE-2019-0380 4.9 - Medium - October 08, 2019

Under certain conditions, SAP Landscape Management enterprise edition, before version 3.0, allows custom secure parameters default values to be part of the application logs leading to Information Disclosure.

Insertion of Sensitive Information into Log File

Under certain circumstances

CVE-2019-0261 9.8 - Critical - February 15, 2019

Under certain circumstances, SAP HANA Extended Application Services, advanced model (XS advanced) does not perform authentication checks properly for XS advanced platform and business users. Fixed in 1.0.97 to 1.0.99 (running on SAP HANA 1 or SAP HANA 2 SPS0 (second S stands for stack)).

Missing Authentication for Critical Function

Under certain conditions SAP Landscape Management (VCM 3.0)

CVE-2019-0249 7.5 - High - January 08, 2019

Under certain conditions SAP Landscape Management (VCM 3.0) allows an attacker to access information which would otherwise be restricted.

Stay on top of Security Vulnerabilities

Want an email whenever new vulnerabilities are published for SAP Landscape Management or by SAP? Click the Watch button to subscribe.

SAP
Vendor

subscribe