ExtraHop Logo
Try ExtraHop
Menu iconX icon
  • Platformchevron right
  • Solutionschevron right
  • Modern NDRchevron right
  • Resourceschevron right
  • Companychevron right
User iconSign In
Contact Us

DETECTION OVERVIEW

SAP Solution Manager Exploit - CVE-2020-6207

Risk Factors

An unauthenticated attacker can leverage simple exploit code for this well-known vulnerability. A successful exploit enables an attacker to gain control of any device connected to a vulnerable SAP Solution Manager.

Kill Chain

Exploitation

Risk Score

83

Detection diagram
Next in Exploitation: SIGRed Exploit Attempt - CVE-2020-1350

Attack Background

The SAP Solution Manager manages connected SAP hosts throughout an enterprise network. To collect performance data, an SAP administrator can run scripts on an SAP host from the End User Experience Monitoring (EEM) application in the Solution Manager. A vulnerability exists in the EEM application that provides an unauthenticated attacker unrestricted access to all EEM functions. The attacker enables EEM endpoint on a target SAP host and then uploads a malicious script by sending an HTTP POST request to an EEM administrative endpoint on the SAP host. With the script, the attacker can run code on the victim SAP host.

Mitigation Options

Install relevant patches for affected versions

MITRE ATT&CK ID

What else can RevealX do for you?

View our Periodic Table of use casesArrow pointing right