Subscribe via feed.

SAP Solution Manager 7.2 Remote Command Execution

Posted by deepcore on March 27, 2021 – 6:41 pm

This Metasploit module exploits the CVE-2020-6207 vulnerability within the SAP EEM servlet of SAP Solution Manager (SolMan) running version 7.2. The vulnerability occurs due to missing authentication checks when submitting a SOAP request to the /EemAdminService/EemAdmin page to get information about connected SMDAgents allowing an attacker to send HTTP requests (SSRF) and execute OS commands on the connected SMDAgent. Works stable in connected SMDAgent with Java version 1.8. Successful exploitation will allow unauthenticated remote attackers to get a reverse shell from connected to the SolMan agent as the user under which it runs SMDAgent service, which is usually daaadm.


This post is under “exploit” and has no respond so far.
If you enjoy this article, make sure you subscribe to my RSS Feed.

Post a reply

You must be logged in to post a comment.