Security Advisory 2021-004

Release Date:

Critical Vulnerability in SAP Solution Manager



  • 22/01/2021 --- v1.0 -- Initial publication


On the 10th of March 2020, SAP released several patches for their products. One of them fixes a critical vulnerability in SAP Solution Manager - User-Experience Monitoring. This vulnerability could lead to remote code execution on every system connected to the Solution Manager [1]. Last week, a proof-of-concept has been publicly released [2], thus increasing the compromise possibility. Applying the patch is highly recommended.

Technical Details

Identified by CVE-2020-6207, this vulnerability is due to missing authentication checks. A remote, unauthenticated attacker could exploit this weakness to deploy and execute scripts and operating system commands on all SMDAgents connected to the Solution Manager [3].

Affected products

The following product is affected by the vulnerability:

  • SAP Solution Manager 7.2


It is recommended to apply the patches from SAP for all servers.





We got cookies

We only use cookies that are necessary for the technical functioning of our website. Find out more on here.