CVE-2020-6198

CWE-306 — Missing Authentication CWE-319 — Cleartext Transmission CWE-287 — Improper Authentication3 documents3 sources

Severity

9.8CRITICAL

EPSS

0.4%

top 39.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Solution Manager (diagnostics Agent)SAP Solution Manager

Timeline

PublishedMar 10

Latest updateMay 24

Description

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5sap_se/sap_solution_manager_(diagnostics_agent)< 7.2

▶NVDsap/solution_manager7.20

🔴Vulnerability Details

GHSA

GHSA-gmh8-p2g6-p44v: SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources↗2022-05-24

▶

CVEList

CVE-2020-6198: SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources↗2020-03-10

▶