CVE-2020-6235

CWE-306Missing AuthenticationCWE-287Improper Authentication3 documents3 sources
Severity
8.6HIGH
EPSS
0.4%
top 40.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Solution Manager (diagnostics Agent)SAP Solution Manager
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP Solution Manager (Diagnostics Agent), version 7.2, does not perform the authentication check for the functionalities of the Collector Simulator, leading to Missing Authentication.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pg72-cm62-849q: SAP Solution Manager (Diagnostics Agent), version 72022-05-24
CVEList
CVE-2020-6235: SAP Solution Manager (Diagnostics Agent), version 72020-04-14
CVE-2020-6235 (HIGH CVSS 8.6) | SAP Solution Manager (Diagnostics A | cvebase.io