CVE-2020-6207 — SAP Solution Manager Missing Authentication for Critical Function Vulnerability

2021-11-03 • CISA Known Exploited Vulnerability

[event] SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.

> AFFECTED SOFTWARE

Field	Value
Vendor	SAP
Product	Solution Manager
CWE	CWE-306
CVE ID	CVE-2020-6207
Date Added	2021-11-03
Due Date	2022-05-03
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2022-05-03

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2020-6207