Missing Authentication Check in SAP Solution Manager (Diagnostics Agent) 720: Allowing Unencrypted Connections from Unauthenticated Sources

Missing Authentication Check in SAP Solution Manager (Diagnostics Agent) 720: Allowing Unencrypted Connections from Unauthenticated Sources

CVE-2020-6198 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

SAP Solution Manager (Diagnostics Agent), version 720, allows unencrypted connections from unauthenticated sources. This allows an attacker to control all remote functions on the Agent due to Missing Authentication Check.

Learn more about our Web Application Penetration Testing UK.