CVE-2020-6207 Scanner
Detects the 'Remote Code Execution (RCE)' vulnerability in SAP Solution Manager (User Experience Monitoring), which affects version 7.2.
Short Info
Level: Critical
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 1 month
Scan only one: Domain, IPv4
Toolbox: -
SAP Solution Manager (User Experience Monitoring) is a product that allows system administrators to effectively monitor their SAP applications and systems. This product provides insights into the performance of various SAP components, including ABAP, Java, HANA, and Fiori applications. The product also provides valuable information on end-users’ experiences with SAP systems, providing insight into the usability and responsiveness of various SAP applications. The Solution Manager is used extensively in production environments, ensuring the smooth running of business operations.
However, a serious vulnerability, CVE-2020-6207, has recently been identified in SAP Solution Manager (User Experience Monitoring) version 7.2. This vulnerability allows an attacker to exploit a service without any authentication, compromising all SMDAgents connected to the Solution Manager. The exploit targets the Solution Manager’s “User Experience Monitoring” feature.
The CVE-2020-6207 vulnerability poses serious risks to the integrity and security of SAP systems. If exploited, this vulnerability could allow an attacker to access sensitive business data, manipulate system settings, or even take over the SAP system completely. Additionally, the vulnerability could lead to data breaches, which may result in monetary losses or legal problems.
In conclusion, it is evident that the CVE-2020-6207 vulnerability in SAP Solution Manager (User Experience Monitoring) poses significant risks to businesses using the system. Therefore, it is essential that system administrators take immediate measures to protect their systems against this vulnerability. Moreover, the s4e.io platform with its pro features can help users stay informed about vulnerabilities and risks that could compromise their digital assets, minimising compromise and risk.
REFERENCES
- http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.html
- http://packetstormsecurity.com/files/162083/SAP-SMD-Agent-Unauthenticated-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/163168/SAP-Solution-Manager-7.20-Missing-Authorization.html
- http://seclists.org/fulldisclosure/2021/Apr/4
- http://seclists.org/fulldisclosure/2021/Jun/34
- https://launchpad.support.sap.com/#/notes/2890213
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305