CVE-2020-6364
CRITICAL 10.0
Description
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager, leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
CVE Details
CVSS v3.1 Score: 10.0
Severity: CRITICAL
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector: NETWORK
Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Published: 10/15/2020
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
sap:introscope_enterprise_manager
Weaknesses (CWE)
CWE-78
References
http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.html (cna@sap.com)
http://seclists.org/fulldisclosure/2021/Jun/28 (cna@sap.com)
https://launchpad.support.sap.com/#/notes/2969828 (cna@sap.com)
http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.html (af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2021/Jun/28 (af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2969828 (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.