Gonzalo Roisman

**Name of the Vulnerable Software and Affected Versions** SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2 **Description** The issue arises from inadequate access control, allowing a network attacker authenticated as a regular user to perform operations restricted to administrators. This includes changing the User Experience Monitoring configuration, obtaining details about configured SAP Solution Manager agents, and deploying a malicious User Experience Monitoring script. **Recommendations** For SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2, consider restricting access to the User Experience Monitoring configuration and agent details to minimize the risk of exploitation. As a temporary workaround, limit the use of operations that can be used to deploy scripts until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2 **Description** The issue allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability. This can compromise confidentiality by exposing elements of the file system, partially compromise integrity by allowing the modification of some configurations, and partially compromise availability by making certain services unavailable. **Recommendations** For SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2, consider restricting the upload of scripts to prevent exploitation of the path traversal vulnerability until a patch is available. As a temporary workaround, limit access to sensitive configurations and services to minimize the risk of modification or unavailability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.