CVE-2020-6207

CRITICAL KEV NUCLEI

SAP Solution Manager 7.2 - Auth Bypass

Description

SAP Solution Manager (User Experience Monitoring), version 7.2, due to a missing authentication check, does not perform any authentication for a service, resulting in complete compromise of all SMDAgents connected to the Solution Manager.

Exploits (4)

nomisec WRITEUP 81 stars
by chipik · remote
https://github.com/chipik/SAP_EEM_CVE-2020-6207

metasploit WORKING POC
ruby poc
https://github.com/rapid7/metasploit-framework/blob/master/lib/msf/core/exploit/remote/http/sap_sol_man_eem_miss_auth.rb

metasploit WORKING POC
by Yvan Genuer, Pablo Artuso, Dmitry Chastuhin, Vladimir Ivanov · ruby poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce.rb

metasploit WORKING POC NORMAL
by Yvan Genuer, Pablo Artuso, Dmitry Chastuhin, Vladimir Ivanov · ruby poc linux
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/sap/cve_2020_6207_solman_rs.rb

Nuclei Templates (1)

SAP Solution Manager 7.2 - Remote Command Execution
CRITICAL by _generic_human_

Scores

CVSS v3 9.8
EPSS 0.9415
EPSS Percentile 99.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-04-08
InTheWild.io 2021-07-23
ENISA EUVD EUVD-2020-27357
CWE CWE-306
Status published
Products (1)
sap/solution_manager 7.20
Published Mar 10, 2020
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026