SolMan is used centrally to manage on-premise, hybrid and cloud systems.
The vulnerability, which affects version 7.2 of the software, has been given the highest CVSS base score of 10.0 and is due to a missing authentication check.
Satnam Narang, staff research engineer at Tenable, said: "The recent publication of a proof-of-concept exploit script for a critical vulnerability in the SAP Solution Manager poses significant challenges for cyber defenders.
"The researchers who disclosed the vulnerability say they're seeing active attempts to scan for vulnerable systems that have not yet applied the patches. The patches have been available since March 2020.
"As we highlight in our 2020 Threat Landscape Retrospective report, unpatched vulnerabilities are much more valuable to cyber criminals than zero-day vulnerabilities.
"We also know that threat actors favour vulnerabilities with proof-of-concept exploits, as the Australian Cyber Security Centre noted in their Copy Paste Compromises report from June 2020.
"It is critical that businesses utilizing the SAP Solution Manager in their environments apply patches as soon as possible."