CVE-2020-6207

Warnung

Exploit

EPSS 94.27%
Veröffentlicht 10.03.2020 21:15:14
Zuletzt bearbeitet 13.03.2025 17:28:01
Quelle cna@sap.com
Teams Watchlist Login
Unerledigt Login

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 10

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Solution Manager Version7.20

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

SAP Solution Manager Missing Authentication for Critical Function Vulnerability

Schwachstelle

SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	94.27%	0.999

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	10	10	10	AV:N/AC:L/Au:N/C:C/I:C/A:C
cna@sap.com	10	3.9	6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

Vendor Advisory

Broken Link

http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html

Third Party Advisory

Exploit

VDB Entry

http://packetstormsecurity.com/files/162083/SAP-SMD-Agent-Unauthenticated-Remote-Code-Execution.html

Third Party Advisory

Exploit

VDB Entry

http://packetstormsecurity.com/files/163168/SAP-Solution-Manager-7.20-Missing-Authorization.html