SAP Solution Manager (User Experience Monitoring), version 7.2, due to a missing authentication check, does not perform any authentication for a service, resulting in complete compromise of all SMDAgents connected to the Solution Manager.
Published 2020-03-10 21:15:15
Updated 2021-06-17 14:30:30
Source SAP SE

Products affected by CVE-2020-6207

CVE-2020-6207 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
SAP Solution Manager Missing Authentication for Critical Function Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-6207
Added on: 2021-11-03
Action due date: 2022-05-03

Exploit prediction scoring system (EPSS) score for CVE-2020-6207

EPSS score: 97.40% (probability of exploitation activity in the next 30 days)
Percentile: ~100% (the proportion of vulnerabilities that are scored at or less)

Metasploit modules for CVE-2020-6207

  • SAP Solution Manager remote unauthorized OS commands execution
    Disclosure Date: 2020-10-03
    First seen: 2021-03-25
    auxiliary/admin/sap/cve_2020_6207_solman_rce
    This module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem) of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemA
  • SAP Solution Manager remote unauthorized OS commands execution
    Disclosure Date: 2020-10-03
    First seen: 2021-03-25
    exploit/multi/sap/cve_2020_6207_solman_rs
    This module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem) of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /Eem

CVSS scores for CVE-2020-6207

Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | SAP SE |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |

CWE ids for CVE-2020-6207

References for CVE-2020-6207
