SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html | Third Party Advisory |
http://seclists.org/fulldisclosure/2021/Jun/31 | Mailing List Third Party Advisory |
https://launchpad.support.sap.com/#/notes/2971638 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2020-10-20T13:30:36
Updated: 2021-06-15T20:06:24
Reserved: 2020-01-08T00:00:00
Link: CVE-2020-6369
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-10-20T14:15:14.897
Modified: 2021-06-17T17:21:14.517
Link: CVE-2020-6369
JSON object: View
Redhat Information
No data.
CWE