CVE-2020-6271

moderate-risk

Published 2020-06-10

SAP Solution Manager (Problem Context Manager), version 7.2, does not perform the necessary authentication, allowing an attacker to consume large amounts of memory, causing the system to crash and read restricted data (files visible for technical administration users of the diagnostics agent).

Do I need to act?

0.53% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.2/10 High

NETWORK / LOW complexity

Affected Products (1)

Solution Manager

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2931391

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

Permissions Required https://launchpad.support.sap.com/#/notes/2931391

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775

/ 100

moderate-risk

Severity 28/34 · Critical

Exploitability 2/34 · Minimal

Exposure 5/34 · Minimal