SAP Sap Solution Manager System 2008 1 700 Remote Code Execution Vulnerability

SAP Solution Manager


Read of RFC destination does not always perform necessary authorization checks, resulting in escalation of privileges to access information on RFC destinations on managed systems and SAP Solution Manager system (ST-PI, before versions 2008_1_700, 2008_1_710, and 740).


The information has been provided by SAP.
The original article can be found at:


SAP Solution Manager is prone to a remote code-execution vulnerability.This allows a remote attacker to exploit this issue to execute arbitrary code in the context of the user running the affected application. Failed exploit attempts may result in a denial-of-service condition. 

Vulnerable Systems:

  • SAP Solution Manager ST-PI 740
  • SAP Solution Manager ST-PI 2008_1_710
  • SAP Solution Manager ST-PI 2008_1_700

CVE Information:

Disclosure Timeline:
Publish Date:05/14/2019