CVE-2020-6369

Sažetak

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.

Reference

https://launchpad.support.sap.com/#/notes/2971638
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
http://seclists.org/fulldisclosure/2021/Jun/31
http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html

CVSS

Base:	4.3
Impact:	2.9
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

17-06-2021 - 17:21

Objavljeno

20-10-2020 - 14:15