CVE-2020-6369

Published: Oct 20, 2020Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.

Affected (8)

Products: Sap: Focused Run, Solution Manager

2 products

Solution Manager

Configuration A

8 vulnerable

Vulnerable Software	Affected Versions
Sap Focused Run	Version 10.1
Sap Focused Run	Version 10.5
Sap Focused Run	Version 10.7
Sap Focused Run	Version 9.7
Sap Solution Manager	Version 10.1
Sap Solution Manager	Version 10.5
Sap Solution Manager	Version 10.7
Sap Solution Manager	Version 9.7

References (8)

http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html

Source: cna@sap.com

Third Party Advisory

http://seclists.org/fulldisclosure/2021/Jun/31

Source: cna@sap.com

Mailing ListThird Party Advisory

https://launchpad.support.sap.com/#/notes/2971638

Source: cna@sap.com

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Source: cna@sap.com

Vendor Advisory

http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://seclists.org/fulldisclosure/2021/Jun/31

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://launchpad.support.sap.com/#/notes/2971638

Source: af854a3a-2127-422b-91ae-364da2661108

Permissions RequiredVendor Advisory

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.