SAP SolMan: critical vulnerability detected, and attackers have begun probing for vulnerable SAP systems.
Automated probes for servers affected by a severe vulnerability in SAP software have been detected, a week after a working exploit was published online.

The vulnerability, tracked as CVE-2020-6207, is a bug in SAP Solution Manager (SolMan) version 7.2. It has been assigned a CVSS base score of 10.0, the highest severity rating available, and is caused by a missing authentication check in SolMan's End-User Experience Monitoring (EEM) function.

EEM can be used to deploy scripts to other systems; as a result, compromising EEM can lead to the hijack of "every system" connected to SolMan via remote code execution (RCE).

SAP issued a patch for CVE-2020-6207 in March 2020 (SAP Security Note #2890213). However, any servers left unpatched now face a heightened risk of compromise following the public release of working proof-of-concept (PoC) exploit code. Last week, Dmitry Chastuhin released a Po...
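Because the flaw is a missing authentication check on a web-facing admin interface, the probing described above shows up in the SolMan web server's access log as requests to the EEM admin service from hosts that have no business calling it. The script below, an added example that is not part of the article, SAP's tooling, or the published PoC, scans combined-format access-log lines for such requests. The URL prefix it watches and the allowlisted network are assumptions for the example (replace them with the values that apply to your installation, checked against SAP Note 2890213), and the log lines are constructed, not captured traffic.

```python
import re
from collections import Counter
from ipaddress import ip_address, ip_network

# Assumed URL prefix of the SolMan EEM admin web service. This is a placeholder
# for the example, not a value stated in the article; set it to the path(s) that
# apply to your SolMan 7.2 system.
WATCHED_PREFIXES = ("/EemAdminService/",)

# Networks whose hosts legitimately call the EEM admin interface (assumption).
ALLOWED_NETWORKS = [ip_network("10.0.0.0/8")]

# Combined-log-format lines constructed for this example; not real traffic.
SAMPLE_LOG = """\
10.0.5.12 - - [27/Jan/2021:09:14:02 +0000] "POST /EemAdminService/EemAdmin HTTP/1.1" 200 812 "-" "SAP NetWeaver Application Server"
203.0.113.7 - - [27/Jan/2021:09:15:41 +0000] "POST /EemAdminService/EemAdmin HTTP/1.1" 200 1024 "-" "python-requests/2.25.1"
198.51.100.23 - - [27/Jan/2021:09:15:43 +0000] "GET /EemAdminService/EemAdmin?wsdl HTTP/1.1" 200 2210 "-" "curl/7.68.0"
10.0.7.3 - - [27/Jan/2021:09:16:10 +0000] "GET /irj/portal HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [27/Jan/2021:09:16:12 +0000] "POST /EemAdminService/EemAdmin HTTP/1.1" 500 311 "-" "python-requests/2.25.1"
"""

# Apache/NGINX "combined" format: ip ident user [ts] "METHOD path proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)


def parse_line(line):
    """Return a dict of the log fields, or None for a line that is not combined format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    return rec


def is_allowed_source(ip, allowed=ALLOWED_NETWORKS):
    """True if the client address falls inside one of the allowlisted networks."""
    try:
        addr = ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in allowed)


def find_probes(log_text, prefixes=WATCHED_PREFIXES, allowed=ALLOWED_NETWORKS):
    """Return every request to a watched prefix that came from outside the allowlist.

    'served' is True when the server answered with anything below 400, i.e. the
    call was accepted rather than rejected; an unauthenticated caller being served
    by the admin service is exactly what the missing check makes possible.
    """
    probes = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        if not rec["path"].startswith(prefixes):
            continue
        if is_allowed_source(rec["ip"], allowed):
            continue
        rec["served"] = rec["status"] < 400
        probes.append(rec)
    return probes


def count_by_source(probes):
    """Number of suspicious requests per client address, for triage ordering."""
    return Counter(p["ip"] for p in probes)


if __name__ == "__main__":
    hits = find_probes(SAMPLE_LOG)
    for src, n in count_by_source(hits).most_common():
        print(f"{src}: {n} request(s) to EEM admin service from outside the allowlist")
    for p in hits:
        flag = "SERVED" if p["served"] else "rejected"
        print(f"  {p['ts']} {p['method']} {p['path']} -> {p['status']} ({flag}) ua={p['ua']!r}")
```

Requests that are rejected (4xx/5xx) still tell you someone is probing; requests that are served from an untrusted source tell you the interface is reachable and accepting unauthenticated calls, which is the condition to escalate on until the note is confirmed applied.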