SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/162083/SAP-SMD-Agent-Unauthenticated-Remote-Code-Execution.html | Exploit Third Party Advisory VDB Entry |
http://packetstormsecurity.com/files/163168/SAP-Solution-Manager-7.20-Missing-Authorization.html | Third Party Advisory |
http://seclists.org/fulldisclosure/2021/Apr/4 | Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2021/Jun/34 | Mailing List Third Party Advisory |
https://launchpad.support.sap.com/#/notes/2890213 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 | Vendor Advisory |
Configurations
History
17 Jun 2021, 14:30
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://launchpad.support.sap.com/#/notes/2890213 - Permissions Required, Vendor Advisory | |
References | (MISC) http://packetstormsecurity.com/files/163168/SAP-Solution-Manager-7.20-Missing-Authorization.html - Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/Jun/34 - Mailing List, Third Party Advisory | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2021/Apr/4 - Mailing List, Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/162083/SAP-SMD-Agent-Unauthenticated-Remote-Code-Execution.html - Exploit, Third Party Advisory, VDB Entry |
15 Jun 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
14 Jun 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
06 Apr 2021, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
05 Apr 2021, 19:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
30 Mar 2021, 17:26
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : 10.0
v3 : 9.8 |
References | (MISC) http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html - Exploit, Third Party Advisory, VDB Entry |
26 Mar 2021, 17:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2020-03-10 21:15
Updated : 2023-12-10 13:13
NVD link : CVE-2020-6207
Mitre link : CVE-2020-6207
CVE.ORG link : CVE-2020-6207
JSON object : View
Products Affected
sap
- solution_manager
CWE
CWE-306
Missing Authentication for Critical Function