Missing Authentication Check in SAP Solution Manager Affects User Experience Monitoring
CVE-2020-6207

9.8CRITICAL

Key Information:

Vendor: SAP
Status: SAP Solution Manager (user Experience Monitoring)
Vendor: CVE Published:; 10 March 2020

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 94%🦅 CISA Reported

Summary

The vulnerability in SAP Solution Manager, specifically in the User Experience Monitoring component, leaves the system exposed due to a missing authentication check. This flaw allows attackers to exploit the service to gain unauthorized access, potentially compromising all connected SMDAgents. Without proper authentication, an attacker could execute arbitrary commands remotely, affecting the integrity and security of the entire SAP environment.

CISA Reported

CISA provides regional cyber and physical services to support security and resilience across the United States. CISA monitor the most dangerious vulnerabilities and have identifed as being exploited but is not known by the CISA to be used in ransomware campaigns. This is subject to change at pace

The CISA's recommendation is: Apply updates per vendor instructions.

Affected Version(s)

SAP Solution Manager (User Experience Monitoring) < 7.2

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

SAP_EEM_CVE-2020-6207
Created by chipik