CVE-2020-6369
7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) | < 9.7 | affected |
| SAP SE | CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) | < 10.1 | affected |
| SAP SE | CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) | < 10.5 | affected |
| SAP SE | CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) | < 10.7 | affected |
Weaknesses
- Hard Coded Credentials
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
- https://launchpad.support.sap.com/#/notes/2971638
- http://seclists.org/fulldisclosure/2021/Jun/31
- http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
- https://launchpad.support.sap.com/#/notes/2971638
- http://seclists.org/fulldisclosure/2021/Jun/31
- http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.