CVE-2020-6207 CRITICAL

CVE-2020-6207

Vendor Sap Se
Product SAP Solution Manager (User Experience Monitoring)
KEV Status Known Exploited
Published March 10, 2020
Last update October 21, 2025

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

SAP Solution Manager (User Experience Monitoring), version- 7.2, due to Missing Authentication Check does not perform any authentication for a service resulting in complete compromise of all SMDAgents connected to the Solution Manager.

CISA mandated remediation

02CISA Required Action

Apply updates per vendor instructions.

Key dates

03Disclosure timeline

March 10, 2020 CVE published
October 21, 2025 Record updated