SAP Solution Manager could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using a specially-crafted URL to redirect a victim to arbitrary Web sites.
SAP Solution Manager could allow a local authenticated attacker to obtain sensitive information, caused by improper access control. By sending a specially-crafted request, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Current SAP customers should refer to SAP note for patch information, available from the SAP Web site (login required).