SAP Security Bug in SAP Solution Manager (JAVA stack)

Overview

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include missing authentication check vulnerabilities affecting SAP Solution Manager (JAVA stack).

Automated probes for servers containing a severe vulnerability (CVE-2020-6207) in SAP software have been detected a week after a working exploit was published online.

CVE (CVSS v3)

CVE-2020-6207 (CVSS 10.0)

→Publish of exploit code increases risk of attacks.

Product (Version)

SAP Solution Manager 7.2 or older

URL(s)

1. https://us-cert.cisa.gov/ncas/current-activity/2020/11/10/sap-releases-november-2020-security-updates (CISA)
2. https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 (SAP Advisory)
3. https://www.zdnet.com/article/automated-exploit-of-critical-sap-solman-vulnerability-detected-in-the-wild/#ftag=RSSbaffb68(News EN)

Responses are required as soon as possible to 1), 2) and B) setting change or C) temporary system stop of 3) which is described below ASAP.

Ｈow to check them patch versions

Check the LM-SERVICE version in path below
start Page of Solution Manager Java system
-> System Information
-> Component information
-> find LM-SERVICE and check the version
(For example, 1000.7.20.11.5.XXXX, it means LM-SERVICE 7.20 SP11 Patch05)

If the patch level is lower than this definition, it is necessary to take countermeasures.

LM Service Component for JAVA Stack 7.20 SP10. [1000.7.20.10.0 è LM-SERVICE 7.20 SP10 Patch 0]

Please conduct the following countermeasures

1. A) Upgrade Patch Level to the latest version
2. B) If you cannot upgrade to the latest version of the patch level immediately, please change the following settings

Logon to SAP Net Weaver Administration on the SAP Solution Manager Java Stack, with SAP J2EE Admin user.

Navigate to Configuration > Infrastructure > Connectivity > Single Service Administration > Service Definitions.

Search for WSDL port Type with name ‘EemAdmin‘ and press ‘Go’.

Select it and display its configuration details in the lower ‘Details’ tab.

Press ‘Edit’ in the ‘Security’ tab of the EemAdminBeanPort and enable the following options in the Http Authentication section:

[x] User ID/Password
[  ] X.509 Client Certificate
[x] Logon Ticket

Then press save settings.

No restart is required.

1. C) If you cannot upgrade or change the settings immediately shut down the system temporarily

After that, please update the latest version as soon as possible