Auth bypass in SAP Solution Manager

CVE-2020-6198

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.

Vulnerability class: Broken Authentication

EPSS: 0.014 (68.7th percentile).

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Frequently asked questions

What is CVE-2020-6198?
CVE-2020-6198 is a critical-severity vulnerability in SAP Solution Manager, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2020-03-10.
How severe is CVE-2020-6198?
Critical severity. CVSS v3 base score is 9.8 out of 10.
Is CVE-2020-6198 known to be exploited?
2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.