SAP Solution Manager System 2008_1_700 Remote Code Execution Vulnerability

SAP Solution Manager

Summary

Reading an RFC destination does not always perform the necessary authorization checks, resulting in an escalation of privileges that allows access to information on RFC destinations on managed systems and on the SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).

Credit:

The information has been provided by SAP.
The original article can be found at: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=520259032


Details

SAP Solution Manager is prone to a remote code-execution vulnerability. A remote attacker can exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition.

Vulnerable Systems:

  • SAP Solution Manager ST-PI 740
  • SAP Solution Manager ST-PI 2008_1_710
  • SAP Solution Manager ST-PI 2008_1_700

CVE Information:
CVE-2019-0293

Disclosure Timeline:
Publish Date: 05/14/2019