CVE-2020-6271

CWE-914 documents4 sources

Severity

8.2HIGH

EPSS

0.5%

top 32.74%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Solution Manager (problem Context Manager)SAP Solution Manager

Timeline

PublishedJun 10

Latest updateMay 24

Description

SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

▶CVEListV5sap_se/sap_solution_manager_(problem_context_manager)< 7.2

▶NVDsap/solution_manager7.2

🔴Vulnerability Details

GHSA

GHSA-5qf2-fv97-vff9: SAP Solution Manager (Problem Context Manager), version 7↗2022-05-24

▶

CVEList

CVE-2020-6271: SAP Solution Manager (Problem Context Manager), version 7↗2020-06-10

▶

💥Exploits & PoCs

Exploit-DB

Qmail SMTP 1.03 - Bash Environment Variable Injection↗2020-07-08

▶