limkedin Skip to main content

Online exploit released for SAP critical vulnerability in SAP Solution Manager

By 26 January 2021January 7th, 2022No Comments
Online exploit released for SAP critical vulnerability in SAP Solution Manager

Last week, an exploit has been released that can be used to exploit a critical vulnerability in SAP systems. This vulnerability, concerning CVE-2020-620, is a bug in the SAP Solution Manager 7.2 and is given a CVSS base score of 10.0, the highest severity rating available. A missing authentication check is the cause, where the vulnerability can be exploited without credentials such as a user or password.

The SAP Solution Manager is a key application that is in the heart of your SAP landscape and used by almost every customer for centralized functions like technical monitoring, for example. SAP released a fix for this vulnerability in March 2020 via SAP Security note #2890213. For any customers that did not yet apply this fix, the time to patch is now as the risk of a successful attack has increased with the release of this exploit. 

Dmitry Chastuhin, an SAP security researcher, released a PoC exploit for CVE-2020-6207 for educational purposes. The PoC code can be used to check if your installation is vulnerable for example. As found in this article, online exploitation attempts are already seen in the wild, so patching is of utmost importance. 

If SAP IT staff already applied the fix, there is no reason for concern and your SAP systems are safe. Checking that this is the case can be a daunting task in the complex world of SAP systems. In the case where your SAP Solution Manager systems are exposed online, it is really important to make sure your systems are patched. As stated earlier, making sure SAP systems are secure and stay secure, a proper patch management process is critical. 

The Protect4S Vulnerability Management solution has onboard detection for assets in your SAP landscape that has not been patched for this vulnerability and hundreds of other vulnerabilities. Specific IDS rules to detect this vulnerability in your network can also be found here.