← Back to CVEs
CVE-2020-6198
CRITICAL9.8
Description
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.
CVE Details
CVSS v3.1 Score9.8
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published3/10/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
sap:solution_manager
Weaknesses (CWE)
CWE-306CWE-319
References
https://launchpad.support.sap.com/#/notes/2845377(cna@sap.com)
https://launchpad.support.sap.com/#/notes/2845377(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.