Lucene search

SapCVELIST:CVE-2020-6198

HistoryMar 10, 2020 - 8:18 p.m.

CVE-2020-6198

2020-03-1020:18:20

sap

www.cve.org

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.

CNA Affected

[
  {
    "product": "SAP Solution Manager (Diagnostics Agent)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.2"
      }
    ]
  }
]

References

launchpad.support.sap.com/#/notes/2845377

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.002

Percentile

64.7%

JSON

Related for CVELIST:CVE-2020-6198