Access Control Flaw in SAP Solution Manager 7.2 User Experience Monitoring
CVE-2020-26830
7.6HIGH
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 9 December 2020
What is CVE-2020-26830?
SAP Solution Manager 7.2, specifically within its User Experience Monitoring component, lacks proper authorization checks for authenticated users. This vulnerability allows an attacker, already authenticated as a regular user, to perform actions that should be restricted to administrators. As a result, sensitive configurations related to User Experience Monitoring can be changed, and information about the existing SAP Solution Manager agents can be accessed. Furthermore, it allows the deployment of potentially malicious scripts which could compromise the integrity of the entire system.
Affected Version(s)
SAP Solution Manager (User Experience Monitoring) < 7.20