CRITICAL🚩 CISA KEV⚡ EXPLOIT🇵🇱 Wersja polska

CVE-2020-6207

CVSS 9.8v3.1pub. 2020-03-10upd. 2025-10-31

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Sap Solution Manager

    APP
    Sap
    7.20

CISA KEV — detailsi

Vendori
SAP
Producti
Solution Manager
Added to KEVi
November 3, 2021
Remediation deadline (US Federal)i
May 3, 2022(overdue)
Required action (CISA)i

Apply updates per vendor instructions.

CISA descriptioni

SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

🔴
IMMEDIATE ACTION
Actively exploited in the wild (CISA KEV). Patch immediately.
CISA DEADLINE: 3 maja 2022
CWE
References

Related vulnerabilities

CVE-2022-22544CRITICAL9.1ten sam produkt

Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute cod...

CVE-2020-26837CRITICAL9.1ten sam produkt

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a...

CVE-2020-26823CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...

CVE-2020-26821CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...

CVE-2020-26822CRITICAL10.0ten sam produkt

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...