Vulnerability Description
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Introscope Enterprise Manager | 9.7 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-CoThird Party Advisory
- http://seclists.org/fulldisclosure/2021/Jun/28Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2969828Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196Vendor Advisory
- http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-CoThird Party Advisory
- http://seclists.org/fulldisclosure/2021/Jun/28Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2969828Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196Vendor Advisory
FAQ
What is CVE-2020-6364?
CVE-2020-6364 is a vulnerability with a CVSS score of 10.0 (CRITICAL). SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potential...
How severe is CVE-2020-6364?
CVE-2020-6364 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-6364?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Introscope Enterprise Manager.