Authentication Bypass in SAP Solution Manager and SAP Focused Run
CVE-2020-6369
Key Information:
- Vendor: SAP
- Status
- Vendor
- CVE Published: 20 October 2020
Summary
SAP Solution Manager and SAP Focused Run are susceptible to an authentication bypass vulnerability that arises when default passwords for Admin and Guest accounts remain unchanged by administrators. This oversight allows unauthenticated attackers to gain unauthorized access, potentially compromising service confidentiality. It's crucial for administrators to take immediate measures to change these default credentials to mitigate risks.
Affected Version(s)
- CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) < 9.7
- CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) < 10.1
- CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) < 10.5