CVE-2020-6369

7.5HIGH

Key Information:

Vendor: SAP
Status: Ca Introscope Enterprise Manager (affected Products: SAP Solution Manager And SAP Focused Run)
Vendor: CVE Published:; 20 October 2020

Summary

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.

Affected Version(s)

CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) < 9.7 < 9.7

CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) < 10.1 < 10.1

CA Introscope Enterprise Manager (Affected products: SAP Solution Manager and SAP Focused Run) < 10.5 < 10.5

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2971638

x_refsource_MISC

http://seclists.org/fulldisclosure/2021/Jun/31

mailing-listx_refsource_FULLDISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Oct 20, 2020
Vulnerability Reserved
Jan 8, 2020

.