Arpine Maghakyan

Security Researcher at RedRays.

CVE-2020-6207 Missing Authentication Check in SAP Solution Manager, SAP security note 2890213


UPDATE 9th March 2021: This note has been re-released with updated ‘Symptom’ information. Customers need to be on SAP Solution Manager 7.2 Support Package Stack 4 to 11 to implement the required patch. Lower Support Package Stacks are not supported. Support Package Stack 12 and higher contain the correction, no action is required.

UPDATE 10th November 2020: This note has been re-released with updated ‘Support Packages & Patches’ information. For the release SOLMANDIAG 720, we added SP011 and the Patch level 000004.

UPDATE 25th August 2020: This note has been re-released with updated ‘Symptom’ and ‘Solution’ information. We made a few minor textual changes in the sections mentioned. There have not been any changes which require customer action.

SAP Solution Manager User-Experience Monitoring does not perform any authentication for a service, resulting in complete compromise of all SMDAgents connected to the Solution Manager.

Available fix and Supported packages

  • LM-SERVICE | 7.20 | 7.20
  • SOLMANDIAG 720 | SP004 | 000012
  • SOLMANDIAG 720 | SP005 | 000013
  • SOLMANDIAG 720 | SP006 | 000014
  • SOLMANDIAG 720 | SP007 | 000020
  • SOLMANDIAG 720 | SP008 | 000016
  • SOLMANDIAG 720 | SP009 | 000008
  • SOLMANDIAG 720 | SP010 | 000002
  • SOLMANDIAG 720 | SP011 | 000004

Affected component

    End User Experience Monitoring


Score: 10.0

