Security News > 2021 > January > SAP SolMan exploit released for max severity pre-auth flaw

SAP SolMan exploit released for max severity pre-auth flaw
2021-01-22 20:24

Fully-functional exploit code is now publicly available for a maximum severity pre-auth vulnerability impacting default configurations of an SAP Solution Manager component.

SAP SolMan is an application lifecycle manager deployed in almost all SAP environments and designed to help unify the management of all SAP and non-SAP systems within a single interface.

It can be remotely exploited in low complexity attacks by unauthenticated attackers with access to the SolMan HTTP(s) port, with no user interaction required, which explains its 10/10 CVSS3 severity rating given by SAP. Although the vulnerability was disclosed and patched by SAP in March 2020, this is the first time that public exploit code was released which drastically lowers the skill level needed by attackers to exploit servers unpatched against CVE-2020-6207.

"While exploits are released regularly online, this hasn't been the case for SAP vulnerabilities, for which publicly available exploits have been limited," Onapsis Research Labs, who first spotted the public exploit after being published by a security researcher on GitHub, said in a report published earlier this week.

To fully mitigate attacks attempting to exploit CVE-2020-6207 on their SAP systems, organizations have to apply the security update released by SAP in March 2020.

The security researcher who published the CVE-2020-6207 exploit code on GitHub also released a proof-of-concept exploit for another maximum severity remote code execution vulnerability in the SAP NetWeaver AS JAVA component, discovered and named RECON by Onapsis.


News URL

https://www.bleepingcomputer.com/news/security/sap-solman-exploit-released-for-max-severity-pre-auth-flaw/

Related Vulnerability

DATE CVE VULNERABILITY TITLE RISK
2020-03-10 CVE-2020-6207 Missing Authentication for Critical Function vulnerability in SAP Solution Manager 7.20
SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
network
low complexity
sap CWE-306
critical
9.8

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
SAP 328 25 679 386 113 1203