Vulnerability Description
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an unauthenticated attacker to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP | Focused Run | 9.7 |
| SAP | Solution Manager | 9.7 |
References
- http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Defau (Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/Jun/31 (Mailing List, Third Party Advisory)
- https://launchpad.support.sap.com/#/notes/2971638 (Permissions Required, Vendor Advisory)
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 (Vendor Advisory)
FAQ
What is CVE-2020-6369?
CVE-2020-6369 is a vulnerability with a CVSS score of 5.9 (MEDIUM). SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an unauthenticated attacker to bypass authentication if the default passwords for...
How severe is CVE-2020-6369?
CVE-2020-6369 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2020-6369?
Check the references section above for vendor advisories and patch information. Affected products include: SAP Focused Run, SAP Solution Manager.