SAP Solution Manager (sometimes referred to as "SolMan" by administrators) is an application lifecycle management (ALM) platform used for implementing, maintaining, and integrating SAP systems, troubleshooting problems, while ensuring monitored systems are safe, clean, and run smoothly.

As the main management solution for SAP users, SAP Solution Manager combines different tools and direct access to SAP to ensure its reliability and stability.

This tool helps system administrators make changes to IT environments, monitor solutions in real-time, integrate new on-premise or cloud solutions, test solution updates, record business processes, and control access privileges, among many other functions.


The Sangfor Security Team detected that a remote code execution vulnerability CVE-2020-6207 in the SAP Solution Manager component was disclosed. The vulnerability has been classified as critical and was caused by a lack of authentication in the SAP Solution Manager End User Experience Monitoring (EEM). EEM can be used to deploy scripts on other systems, resulting in remote code execution. Attackers can craft malicious data to perform remote code execution, thereby controlling all systems connected to the SAP Solution Manager and executing arbitrary code.


SAP Solution Manager is very popular due to its reliability and stability. This vulnerability is classified as critical and received a 10 out of 10 score on the Common Vulnerability Scoring System (CVSS).

Affected SAP Solution Manager Versions:
SAP Solution Manager 7.2 and earlier versions


  • Mar 10, 2020 Researchers published their results at the 2020 Black Hat Security Conference and disclosed this vulnerability.
  • Jan 14, 2021 The Proof of Concept (PoC) exploit of this vulnerability was released on GitHub.
  • Jan 27, 2021 Sangfor FarSight Labs released a vulnerability alert and solutions.

Remediation Solution

SAP has released a patch to fix this vulnerability. Please download and install it from the following link:

Sangfor Solution

  1. For Sangfor NGAF customers, click Update on Security Capability Update.
  2. Sangfor Cloud WAF has automatically updated its database in the cloud. Users are already protected from this vulnerability without any additional operation required.
  3. Sangfor Cyber Command detects attacks which exploit this vulnerability and can alert users in real-time. Users can integrate Cyber Command with NGAF to block an attacker's IP address.
  4. Sangfor SOC has Sangfor security specialists available 24/7 to help you resolve any security issues. After rule update release, Sangfor security experts check and update the customer's vulnerability detection equipment and perform a vulnerability scan of the customer's network environment to ensure that the customer's host is free from this vulnerability. For users with vulnerabilities, the SOC regularly reviews and updates device policies to ensure protection against this vulnerability.

Listen To This Post


Get in Touch

Get in Touch with Sangfor Team for Business Inquiry

Related Articles

Cyber Security

Ransomware Attacks in Asia on the Rise, Are You Next?

Date : 09 Aug 2022
Read Now

Cyber Security

How to Level Up Your Incident Response Plan

Date : 28 Jul 2022
Read Now

Cyber Security

What is a Phishing Attack and How to Defend Against Them

Date : 27 Jul 2022
Read Now

See Other Product

Cyber Command - NDR Platform
Endpoint Secure
Internet Access Gateway (IAG)
NGAF - Next Generation Firewall (NGFW)
SASE Access
icon notification