CVE-2020-6198
First published: Tue Mar 10 2020(Updated: )
SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Solution Manager | =7.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6198?
The severity of CVE-2020-6198 is critical with a CVSS score of 9.8.
What is the affected software for CVE-2020-6198?
The affected software for CVE-2020-6198 is SAP Solution Manager version 7.20.
How does CVE-2020-6198 allow an attacker to control all remote functions on the Agent?
CVE-2020-6198 allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.
How can I fix the vulnerability CVE-2020-6198?
To fix CVE-2020-6198, it is recommended to apply the necessary security patches provided by SAP and enforce encrypted connections.
Where can I find more information about CVE-2020-6198?
You can find more information about CVE-2020-6198 at the following references: [SAP Note 2845377](https://launchpad.support.sap.com/#/notes/2845377) and [SAP SCN Wiki](https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305).
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/tags
- agent/event
- agent/type
- agent/references
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- vendor/sap
- canonical/sap solution manager
- version/sap solution manager/7.20