"Exploit Allows Root Access to SAP"

A team of researchers with Onapsis Research Labs discovered a publicly available exploit affecting SAP on the code-hosting platform GitHub. The exploit was published on January 14 by a Russian researcher named Dmitry Chastuhin. According to the researchers, the exploit can be used against SAP Solution Manager (SolMan), an administrative system similar to Active Directory in Windows that is employed in every SAP environment. The fully functional exploit abuses a vulnerability tracked as CVE-2020-6207, in which SAP SolMan does not perform any authentication checks for a service. Exploitation of this vulnerability could lead to a takeover of all SMDAgents connected to the Solution Manager. An attack that abuses this flaw puts an organization's mission-critical data, SAP applications, and business processes at risk. This article continues to discuss the publicly available exploit that enables root access to SAP and the impact that this exploit could have on organizations' cybersecurity and regulatory compliance.

Infosecurity Magazine reports "Exploit Allows Root Access to SAP"
