Description
Some Authentication checks are missing in SAP Solution Manager (software component LM-SERVICE). An un-authenticated attacker is able to compromise the system. This has an impact to the integrity as well as availability of the service. The affected services are:
- SVG Converter Service - CVE-2020-26821
- Outside Discovery Configuration Service - CVE-2020-26822
- Upgrade Diagnostics Agent Connection Service - CVE-2020-26823
- Upgrade Legacy Ports Service - CVE-2020-26824
Available fix and Supported packages
- LM-SERVICE | 7.20 | 7.20
- SOLMANDIAG 720 | SP004 | 000012
- SOLMANDIAG 720 | SP005 | 000013
- SOLMANDIAG 720 | SP006 | 000014
- SOLMANDIAG 720 | SP007 | 000020
- SOLMANDIAG 720 | SP008 | 000016
- SOLMANDIAG 720 | SP009 | 000008
- SOLMANDIAG 720 | SP010 | 000002
- SOLMANDIAG 720 | SP011 | 000004
Affected component
- SV-SMG-MON-EEM
End User Experience Monitoring
CVSS
Score: 10.0
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Exploit
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2985866
