SAP Solution Manager Remote Code Execution

CRITICAL (9.9)

Threat Intelligence

Low Risk
EPSS Score: 0.05% chance of exploitation (percentile: 15%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

What is it?

SAP Solution Manager is a software tool used by SAP customers to manage and monitor their SAP systems. It provides a centralized platform for managing system configuration, security, and monitoring. Due to missing input sanitization, an authenticated attacker can inject malicious code when calling remote-enabled function modules, potentially leading to full control of the system.

Am I affected?

You're affected if you use SAP Solution Manager. The advisory does not state specific version information. If you don't recognise this software, you're probably not affected.

How to fix

Upgrade to SAP Solution Manager 7.5 SP10 or later versions.
- Immediately apply the patch: https://launchpad.sap.com/products/sap-solution-manager/7-5-sp10
- For immediate mitigations, restrict network access to your SAP Solution Manager instance (firewall it from the public internet) and monitor for suspicious activity.

References