CVE-2020-6364
SAP Wily Introscope Enterprise OS Command Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
SAP Solution Manager y SAP Focused Run (actualización proporcionada en WILY_INTRO_ENTERPRISE versiones 9.7, 10.1, 10.5, 10.7), permite a un atacante modificar una cookie de manera que los comandos del Sistema Operativo puedan ser ejecutados y potencialmente conseguir el control sobre el host que ejecuta CA Introscope Enterprise Manager, conllevando a una inyección de código. Con esto, el atacante es capaz de leer y modificar todos los archivos del sistema y también afectar la disponibilidad del sistema
SAP Wily Introscope Enterprise versions 9.7, 10.1, 10.5, and 10.7 suffer from a command injection vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-01-08 CVE Reserved
- 2020-10-15 CVE Published
- 2022-08-17 First Exploit
- 2024-08-04 CVE Updated
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.html | Third Party Advisory |
|
| http://seclists.org/fulldisclosure/2021/Jun/28 | Mailing List |
|
| URL | Date | SRC |
|---|---|---|
| https://github.com/gquere/CVE-2020-6364 | 2022-08-17 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 | 2021-06-17 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Introscope Enterprise Manager Search vendor "Sap" for product "Introscope Enterprise Manager" | 9.7 Search vendor "Sap" for product "Introscope Enterprise Manager" and version "9.7" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Introscope Enterprise Manager Search vendor "Sap" for product "Introscope Enterprise Manager" | 10.1 Search vendor "Sap" for product "Introscope Enterprise Manager" and version "10.1" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Introscope Enterprise Manager Search vendor "Sap" for product "Introscope Enterprise Manager" | 10.5 Search vendor "Sap" for product "Introscope Enterprise Manager" and version "10.5" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Introscope Enterprise Manager Search vendor "Sap" for product "Introscope Enterprise Manager" | 10.7 Search vendor "Sap" for product "Introscope Enterprise Manager" and version "10.7" | - |
Affected
| ||||||