CVE-2020-6369
Summary
| CVE | CVE-2020-6369 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-10-20 14:15:00 UTC |
| Updated | 2021-06-17 17:21:00 UTC |
| Description | SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an unauthenticated attacker to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Sap | Focused Run | 10.1 | All | All | All |
| Application | Sap | Focused Run | 10.5 | All | All | All |
| Application | Sap | Focused Run | 10.7 | All | All | All |
| Application | Sap | Focused Run | 9.7 | All | All | All |
| Application | Sap | Solution Manager | 10.1 | All | All | All |
| Application | Sap | Solution Manager | 10.5 | All | All | All |
| Application | Sap | Solution Manager | 10.7 | All | All | All |
| Application | Sap | Solution Manager | 9.7 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| SAP Wily Introscope Enterprise Default Hard-Coded Credentials ≈ Packet Storm | MISC | packetstormsecurity.com | |
| SAP Security Patch Day – October 2020 - Product Security Response at SAP - Community Wiki | MISC | wiki.scn.sap.com | Vendor Advisory |
| Full Disclosure: Onapsis Security Advisory 2021-0009: Hard-coded Credentials in CA Introscope Enterprise Manager | FULLDISC | seclists.org | |
| launchpad.support.sap.com | MISC | launchpad.support.sap.com | Permissions Required, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.