← Retour aux CVEs
CVE-2020-6364
CRITICAL10.0
Description
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
Details CVE
Score CVSS v3.110.0
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie10/15/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
sap:introscope_enterprise_manager
Faiblesses (CWE)
CWE-78
References
http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.html(cna@sap.com)
http://seclists.org/fulldisclosure/2021/Jun/28(cna@sap.com)
https://launchpad.support.sap.com/#/notes/2969828(cna@sap.com)
http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.html(af854a3a-2127-422b-91ae-364da2661108)
http://seclists.org/fulldisclosure/2021/Jun/28(af854a3a-2127-422b-91ae-364da2661108)
https://launchpad.support.sap.com/#/notes/2969828(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.