Sankara Bavirisetti

SAP Security Bug in SAP Solution Manager (JAVA stack)

Overview

SAP has released security updates that address vulnerabilities in multiple products. An attacker could exploit some of them to take control of an affected system. Among them is a missing authentication check in SAP Solution Manager (JAVA stack), tracked as CVE-2020-6207.

Automated probes for servers carrying this severe vulnerability (CVE-2020-6207) in SAP Solution Manager were detected about a week after a working exploit was published online.

CVE (CVSS v3)

CVE-2020-6207 (CVSS 10.0)

→ Publication of exploit code increases the risk of attacks.

Product (Version)

SAP Solution Manager 7.2 or older

URL(s)

  1. https://us-cert.cisa.gov/ncas/current-activity/2020/11/10/sap-releases-november-2020-security-updates (CISA)
  2. https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 (SAP Advisory)
  3. https://www.zdnet.com/article/automated-exploit-of-critical-sap-solman-vulnerability-detected-in-the-wild/#ftag=RSSbaffb68 (News EN)

Respond as soon as possible with one of the countermeasures described below: A) apply the patch, B) change the EemAdmin authentication settings, or C) stop the system temporarily until it can be patched.

How to check the patch version

Check the LM-SERVICE version in the path below:
Start page of the Solution Manager Java system
-> System Information
-> Component Information
-> find LM-SERVICE and check the version
(For example, 1000.7.20.11.5.XXXX means LM-SERVICE 7.20 SP11 Patch 05.)

If the patch level is lower than the level below, countermeasures are necessary.

LM-SERVICE component for the Java stack: 7.20 SP10 [1000.7.20.10.0 → LM-SERVICE 7.20 SP10 Patch 0]
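The version check above is easy to get wrong by eye, because the string packs release, support package and patch level into one dotted number. The following Python script is an added example (not SAP code and not part of the original post): it parses an LM-SERVICE version string into (release, sub-release, SP, patch), compares it against the 7.20 SP10 Patch 0 threshold quoted above, and reports which countermeasure applies. The "Name Version Vendor" listing it scans is a constructed sample with made-up build numbers, not real NWA output.

```python
import re
from typing import Dict, Optional, Tuple

# Threshold stated on the page: LM-SERVICE 7.20 SP10 Patch 0, which NWA
# Component Information shows as 1000.7.20.10.0.<build>.
MIN_PATCHED: Tuple[int, int, int, int] = (7, 20, 10, 0)

# Shape of the version string: 1000.<release>.<sub-release>.<SP>.<patch>[.<build>]
_VERSION_RE = re.compile(r"^1000\.(\d+)\.(\d+)\.(\d+)\.(\d+)(?:\.(\S+))?$")


def parse_lm_service(version: str) -> Tuple[int, int, int, int]:
    """Return (release, sub-release, SP, patch) for a component version string.

    '1000.7.20.11.5.XXXX' -> (7, 20, 11, 5). A string that does not match is
    rejected with ValueError rather than being silently treated as patched.
    """
    m = _VERSION_RE.match(version.strip())
    if m is None:
        raise ValueError(f"unexpected LM-SERVICE version format: {version!r}")
    release, sub, sp, patch = (int(g) for g in m.groups()[:4])
    return release, sub, sp, patch


def describe(version: str) -> str:
    """Render the version the way the page reads it: 'LM-SERVICE 7.20 SP11 Patch 05'."""
    release, sub, sp, patch = parse_lm_service(version)
    return f"LM-SERVICE {release}.{sub} SP{sp} Patch {patch:02d}"


def needs_countermeasure(version: str) -> bool:
    """True when the installed level is below 7.20 SP10 Patch 0.

    Tuple comparison orders release, then sub-release, then SP, then patch,
    so an older release (for example 7.10) is flagged too, matching the
    page's "7.2 or older".
    """
    return parse_lm_service(version) < MIN_PATCHED


def lm_service_version(component_listing: str) -> Optional[str]:
    """Find the LM-SERVICE row in a whitespace-separated 'Name Version Vendor' listing."""
    for line in component_listing.splitlines():
        fields = line.split()
        if len(fields) >= 2 and fields[0] == "LM-SERVICE":
            return fields[1]
    return None


def assess(component_listing: str) -> Dict[str, object]:
    """Decide whether one of the page's countermeasures (A, B or C) is required."""
    version = lm_service_version(component_listing)
    if version is None:
        return {"found": False,
                "action": "LM-SERVICE not in listing; check Component Information manually"}
    vulnerable = needs_countermeasure(version)
    return {
        "found": True,
        "version": describe(version),
        "vulnerable": vulnerable,
        "action": ("A) patch, or B) enforce HTTP authentication on EemAdmin, or C) stop the system"
                   if vulnerable
                   else "at or above 7.20 SP10 Patch 0 by the page's threshold; no countermeasure required"),
    }


# Constructed sample listing (not real NWA output); build numbers are made up.
SAMPLE_LISTING = """\
Name          Version                  Vendor
LM-CORE       1000.7.20.9.3.20190801   sap.com
LM-SERVICE    1000.7.20.9.3.20190801   sap.com
"""

if __name__ == "__main__":
    # First listing is below the threshold, second one (SP11 Patch 05) is above it.
    for listing in (SAMPLE_LISTING, SAMPLE_LISTING.replace("1000.7.20.9.3", "1000.7.20.11.5")):
        print(assess(listing))
```

The parser deliberately raises on anything that does not match the expected shape: a copy-paste error or a truncated value must show up as "could not parse", never as "patched".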

Please conduct one of the following countermeasures:

A) Upgrade the patch level to the latest version.
B) If you cannot upgrade to the latest patch level immediately, change the following settings:

Log on to SAP NetWeaver Administrator on the SAP Solution Manager Java stack with the SAP J2EE Admin user.

Navigate to Configuration > Infrastructure > Connectivity > Single Service Administration > Service Definitions.

Search for the WSDL port type with the name 'EemAdmin' and press 'Go'.

Select it and display its configuration details in the lower ‘Details’ tab.

Press 'Edit' in the 'Security' tab of the EemAdminBeanPort and enable the following options in the HTTP Authentication section:

[x] User ID/Password
[  ] X.509 Client Certificate
[x] Logon Ticket

Then save the settings.

No restart is required. Note that this is a mitigation only: it makes the EemAdmin service demand a user ID/password or logon ticket instead of accepting unauthenticated calls, and the patch in A) should still be applied afterwards.

C) If you cannot upgrade or change the settings immediately, shut down the system temporarily.

After that, update to the latest version as soon as possible.


3 Comments

Peter Monaghan

      Dumb question: Our SolMan instances have no exposure to the internet. Does that lessen the severity of this exploit?

Sankara Bavirisetti (Blog Post Author)

      Solution Manager is not frequently exposed to the internet, limiting the overall impact. However, this limitation does not preclude a local attacker from exploiting this flaw.

Peter Monaghan

      Good point! Thank you...