Missing Authentication in SAP Solution Manager Diagnostics Agent
CVE-2020-6235

8.6HIGH

Key Information:

Vendor: SAP
Status: SAP Solution Manager (diagnostics Agent)
Vendor: CVE Published:; 14 April 2020

What is CVE-2020-6235?

The SAP Solution Manager (Diagnostics Agent) version 7.2 has a vulnerability where it fails to enforce authentication checks for the Collector Simulator functionalities. This oversight can potentially allow unauthorized access to sensitive components, posing a risk of exposure and exploitation by malicious actors. It is crucial for organizations utilizing this product to address this security gap to mitigate risks associated with improper access.

Affected Version(s)

SAP Solution Manager (Diagnostics Agent) < 7.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2906994

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 14, 2020
Vulnerability Reserved
Jan 8, 2020