SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSap Solution Manager
APPSap7.20
CISA KEV — detailsi
- Vendori
- SAP
- Producti
- Solution Manager
- Added to KEVi
- November 3, 2021
- Remediation deadline (US Federal)i
- May 3, 2022(overdue)
Apply updates per vendor instructions.
SAP Solution Manager User Experience Monitoring contains a missing authentication for critical function vulnerability which results in complete compromise of all SMDAgents connected to the Solution Manager.
Related vulnerabilities
Solution Manager (Diagnostics Root Cause Analysis Tools) - version 720, allows an administrator to execute cod...
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a...
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system...