CVE-2020-6207

KEV EPSS 94.15% · P100 Updated Feb 24, 2026

Public Exploits 3

Metasploit · 2 cve_2020_6207_solman_rs.rb [exploit] cve_2020_6207_solman_rce.rb [auxiliary]

Nuclei · 1 CVE-2020-6207.yaml [template]

In-the-Wild Activity Observed cisa_kev · confirmed

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2020-6207

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Description

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

Source: NVD (National Vulnerability Database)

CVSS Information

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Type

N/A

Source: NVD (National Vulnerability Database)

Vulnerability Title

SAP Solution Manager 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

SAP Solution Manager是德国思爱普（SAP）公司的一套集系统监控、SAP支持桌面、自助服务、ASAP实施等多个功能为一体的系统管理平台。该平台可以帮助客户建立SAP解决方案的生命周期管理，并提供系统监控、远程支持服务和SAP产品组件升级等功能。 SAP Solution Manager (User Experience Monitoring) 7.2版本中存在安全漏洞，该漏洞源于程序没有对服务进行任意的身份验证。攻击者可利用该漏洞入侵所有连接Solution Manager的SMDAge

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Shenlong Deep Dive — AI Deep Analysis

10-question deep dive: root cause, exploitation, mitigation, urgency. Read summary free, full version requires login.

Read summary Full analysis (login)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
SAP SE	SAP Solution Manager (User Experience Monitoring)	< 7.2	-

II. Public POCs for CVE-2020-6207

#	POC Description	Source Link	Shenlong Link
1	PoC for CVE-2020-6207 (Missing Authentication Check in SAP Solution Manager)	https://github.com/chipik/SAP_EEM_CVE-2020-6207	POC Details
2	SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent.	https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2020/CVE-2020-6207.yaml	POC Details

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2020-6207

请登录查看更多情报信息。

http://packetstormsecurity.com/files/162083/SAP-SMD-Agent-Unauthenticated-Remote-Code-Execution.htmlx_refsource_MISC
https://launchpad.support.sap.com/#/notes/2890213x_refsource_MISC
Packet Stormx_refsource_MISC
http://packetstormsecurity.com/files/161993/SAP-Solution-Manager-7.2-Remote-Command-Execution.htmlx_refsource_MISC
http://seclists.org/fulldisclosure/2021/Apr/4mailing-listx_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Jun/34mailing-listx_refsource_FULLDISC
https://nvd.nist.gov/vuln/detail/CVE-2020-6207

Same Patch Batch · SAP SE · 2020-03-10 · 16 CVEs total

CVE-2020-6178		SAP Enable Now 代码问题漏洞
CVE-2020-6196		SAP BusinessObjects Mobile 安全漏洞
CVE-2020-6197		SAP Enable Now 代码问题漏洞
CVE-2020-6198		SAP Solution Manager 授权问题漏洞
CVE-2020-6199		SAP ERP 安全漏洞
CVE-2020-6200		SAP Commerce SmartEdit Extension 跨站脚本漏洞
CVE-2020-6201		SAP Commerce 跨站脚本漏洞
CVE-2020-6202		SAP NetWeaver Application Server Java 代码问题漏洞
CVE-2020-6203		SAP NetWeaver UDDI Server 路径遍历漏洞
CVE-2020-6204		SAP Treasury and Risk Management 安全漏洞
CVE-2020-6205		SAP NetWeaver AS ABAP Business Server Pages 跨站脚本漏洞
CVE-2020-6206		SAP Cloud Platform Integration for Data Services 跨站请求伪造漏洞
CVE-2020-6208		SAP Business Objects Business Intelligence Platform 代码注入漏洞
CVE-2020-6209		SAP Disclosure Management 安全漏洞
CVE-2020-6210		SAP Fiori Launchpad 跨站脚本漏洞

IV. Related Vulnerabilities

Same product: SAP Solution Manager (User Experience Monitoring)

Same vendor: SAP SE

V. Comments for CVE-2020-6207

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2020-6207

Public Exploits 3

I. Basic Information for CVE-2020-6207

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Shenlong Deep Dive — AI Deep Analysis

Affected Products

II. Public POCs for CVE-2020-6207

III. Intelligence Information for CVE-2020-6207

Same Patch Batch · SAP SE · 2020-03-10 · 16 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2020-6207

Leave a comment