PT-2020-16514 · SAP · SAP Solution Manager

Gonzalo Roisman +1 · Published 2020-12-09 · Updated 2021-06-17 · CVE-2020-26830

CVSS v3.1: 8.1 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2

Description

The issue arises from inadequate access control, allowing a network attacker authenticated as a regular user to perform operations restricted to administrators. This includes changing the User Experience Monitoring configuration, obtaining details about configured SAP Solution Manager agents, and deploying a malicious User Experience Monitoring script.

Recommendations

For SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2, consider restricting access to the User Experience Monitoring configuration and agent details to minimize the risk of exploitation. As a temporary workaround, limit the use of operations that can be used to deploy scripts until a proper fix is applied. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Missing Authorization

Related Identifiers

CVE-2020-26830

Affected Products

SAP Solution Manager