Vulnerability Details : CVE-2020-6207
Public exploit exists!
SAP Solution Manager (User Experience Monitoring), version 7.2, does not perform any authentication for a service (a Missing Authentication Check), resulting in complete compromise of all SMDAgents connected to the Solution Manager.
Products affected by CVE-2020-6207
- cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*
CVE-2020-6207 is in the CISA Known Exploited Vulnerabilities Catalog
CISA vulnerability name:
SAP Solution Manager Missing Authentication for Critical Function Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.
Notes:
https://nvd.nist.gov/vuln/detail/CVE-2020-6207
Added on
2021-11-03
Action due date
2022-05-03
Exploit prediction scoring system (EPSS) score for CVE-2020-6207
EPSS score: 97.40% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~100% (the proportion of vulnerabilities scored at or below this one)
EPSS Score History: chart not reproduced here
Metasploit modules for CVE-2020-6207
- SAP Solution Manager remote unauthorized OS commands execution
  Disclosure Date: 2020-10-03
  First seen: 2021-03-25
  Module: auxiliary/admin/sap/cve_2020_6207_solman_rce
  This module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem) of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemA
- SAP Solution Manager remote unauthorized OS commands execution
  Disclosure Date: 2020-10-03
  First seen: 2021-03-25
  Module: exploit/multi/sap/cve_2020_6207_solman_rs
  This module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem) of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /Eem
CVSS scores for CVE-2020-6207
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
10.0 | HIGH | AV:N/AC:L/Au:N/C:C/I:C/A:C | 10.0 | 10.0 | NIST |
10.0 | CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H | 3.9 | 6.0 | SAP SE |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST |

The v2 score of 10.0 is rated HIGH only because CVSS v2 has no CRITICAL band. The SAP SE (10.0) and NIST (9.8) v3 scores differ in exactly one metric, Scope: SAP rates it S:C because the impact reaches every SMD agent connected to the Solution Manager, not just the SolMan host, while NIST rates it S:U. Every other metric (network, low complexity, no privileges, no user interaction, high C/I/A) is identical.
CWE ids for CVE-2020-6207
- CWE-306: Missing Authentication for Critical Function. The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-6207
- http://seclists.org/fulldisclosure/2021/Jun/34
  Full Disclosure: Onapsis Security Advisory 2021-0014: Missing authorization check in SAP Solution Manager LM-SERVICE Component SP 11 PL 2 (Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/Apr/4
  Full Disclosure: Onapsis Security Advisory 2021-0001: [CVE-2020-6207] Unauthenticated RCE in all SAP SMD Agents connected to SAP SolMan (Mailing List; Third Party Advisory)
- http://packetstormsecurity.com/files/162083/SAP-SMD-Agent-Unauthenticated-Remote-Code-Execution.html
  SAP SMD Agent Unauthenticated Remote Code Execution, Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://launchpad.support.sap.com/#/notes/2890213
  SAP Note 2890213 on the SAP ONE Support Launchpad (Permissions Required; Vendor Advisory)
- http://packetstormsecurity.com/files/163168/SAP-Solution-Manager-7.20-Missing-Authorization.html
  SAP Solution Manager 7.20 Missing Authorization, Packet Storm (Third Party Advisory)
- http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html
  SAP Solution Manager 7.2 Remote Command Execution, Packet Storm (Exploit; Third Party Advisory; VDB Entry)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305
  SAP Security Patch Day, March 2020: Product Security Response at SAP, Community Wiki (Vendor Advisory)