VDB

CVE-2020-6207

CVE-2020-6207 PUBLISHED KEV CVSS 10 CRITICAL

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

EPSS 94.15% · 99.9th percentile

Risk Scores

CVSS 3.0
10
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score
94.15%
99.9th percentile

Affected Products

VendorProductVersions
sapsolution_manager7.20
SAP SESAP Solution Manager (User Experience Monitoring)< 7.2

Timeline

  • CVE Published
  • Jan 25, 2021 PoC Published
  • Mar 25, 2021 PoC Published
  • Mar 26, 2021 PoC Published
  • Apr 14, 2021 EPSS Score
  • Jun 15, 2021 EPSS Score
  • Jun 16, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Oct 26, 2021 EPSS Score
  • Nov 3, 2021 CISA KEV Added
  • Nov 8, 2021 PoC Published
  • Nov 20, 2021 PoC Published
Open in Interactive Console →
$ Console Community · 100/wk Open console ›