CVE-2020-6207 is a vulnerability in SAP Solution Manager
Published on March 10, 2020
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
Known Exploited Vulnerability
This SAP Solution Manager Missing Authentication Check Complete Compromise of SMD Agents vulnerability is part of CISA's list of Known Exploited Vulnerabilities. SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
The following remediation steps are recommended / required by May 3, 2022: Apply updates per vendor instructions.
Weakness Type
Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
Products Associated with CVE-2020-6207
Want to know whenever a new CVE is published for SAP Solution Manager? stack.watch will email you.
Affected Versions
SAP SE SAP Solution Manager (User Experience Monitoring) Version < 7.2 is affected by CVE-2020-6207Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.