PT-2020-19137 · Sap+1 · Sap Focused Run+2

Published

2020-10-15

Updated

2021-06-17

CVE-2020-6364

CVSS v3.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions SAP Solution Manager and SAP Focused Run versions prior to the update provided in WILY INTRO ENTERPRISE 9.7, 10.1, 10.5, 10.7

Description The issue allows an attacker to modify a cookie, enabling the execution of OS commands and potentially gaining control over the host running the CA Introscope Enterprise Manager. This leads to code injection, allowing the attacker to read and modify all system files and impact system availability.

Recommendations For SAP Solution Manager and SAP Focused Run versions prior to the update provided in WILY INTRO ENTERPRISE 9.7, 10.1, 10.5, 10.7, update to the version that includes the provided update to resolve the issue.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2020-6364

Affected Products

Ca Introscope Enterprise Manager

Sap Focused Run

Sap Solution Manager

PT-2020-19137 · Sap+1 · Sap Focused Run+2

CVE-2020-6364

Weakness Enumeration

Related Identifiers

Affected Products

References · 9