.. / CVE-2020-6207

Exploit for SAP Solution Manager 7.2 - Remote Command Execution (CVE-2020-6207)

Description:

SAP Solution Manager (SolMan) running version 7.2 has a remote command execution vulnerability within the SAP EEM servlet (tc~smd~agent~application~eem). The vulnerability occurs due to missing authentication checks when submitting SOAP requests to the /EemAdminService/EemAdmin page to get information about connected SMDAgents, send HTTP request (SSRF), and execute OS commands on connected SMDAgent.

Nuclei Template

View the template here CVE-2020-6207.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2020/CVE-2020-6207.yaml

References:

https://nvd.nist.gov/vuln/detail/CVE-2020-6207
https://www.rapid7.com/db/modules/auxiliary/admin/sap/cve_2020_6207_solman_rce/
https://github.com/chipik/SAP_EEM_CVE-2020-6207
https://www.rapid7.com/db/modules/exploit/multi/sap/cve_2020_6207_solman_rs/
https://launchpad.support.sap.com/#/notes/2890213
https://i.blackhat.com/USA-20/Wednesday/us-20-Artuso-An-Unauthenticated-Journey-To-Root-Pwning-Your-Companys-Enterprise-Software-Servers-wp.pdf
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305

.. / CVE-2020-6207 if(localStorage["style"]=="true"){ document.getElementById('pagestyle').setAttribute('href','/assets/styleDark.css'); document.querySelector('input[type="checkbox"]').checked = true }

Exploit for SAP Solution Manager 7.2 - Remote Command Execution (CVE-2020-6207)

Description:

Nuclei Template

Validate with Nuclei

.. / CVE-2020-6207