CVE-2020-26824

SAP Solution Manager JAVA stack, version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service...

CVE-2020-26822

SAP Solution Manager JAVA stack, version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service...

CVE-2020-26822

SAP Solution Manager (JAVA stack) 7.20 is affected by CVE-2020-26822 due to missing authorization checks in the Outside Discovery Configuration Service, enabling an unauthenticated attacker to compromise the system with impact to integrity and availability. The consolidated sources (NVD entry and...

SAP Releases November 2020 Security Updates

SAP has released security updates to address vulnerabilities affecting multiple products. An attacker could exploit some of these vulnerabilities to take control of an affected system. These include missing authentication check vulnerabilities affecting SAP Solution Manager JAVA stack. The...

SAP Solution Manager and Focused Run Improper Authentication Vulnerability

SAP Solution Manager and SAP Focused Run are both products of SAP, a German company. SAP Solution Manager is a system management platform that integrates system monitoring, SAP support desktop, self-service, ASAP implementation and other functions. The platform can help customers establish SAP...

CVE-2020-6369

SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of th...

CVE-2020-6369

SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of th...

Authentication flaw

SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of th...

CVE-2020-6369

CVE-2020-6369 affects SAP Solution Manager and SAP Focused Run. The issue allows an unauthenticated attacker to bypass login if the default passwords for Admin and Guest are not changed, impacting confidentiality. Affected versions are SAP Solution Manager and SAP Focused Run with updates in WILY...

CVE-2020-6369

SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of th...

PT-2020-19142 · Sap · Sap Solution Manager +1

Name of the Vulnerable Software and Affected Versions: SAP Solution Manager and SAP Focused Run versions 9.7, 10.1, 10.5, 10.7 Description: The issue allows an unauthenticated attacker to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator...

SAP Solution Manager and SAP Focused Run Operating System Command Injection Vulnerability

SAP Solution Manager is a system management platform that integrates multiple functions such as system monitoring, SAP support desktop, self-service, and ASAP implementation. The platform can help customers establish SAP solution lifecycle management, and provide system monitoring, remote support...

Code injection

SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection...

CVE-2020-6364

CVE-2020-6364 affects SAP Solution Manager and SAP Focused Run. Exploitation allows an attacker to modify a cookie to execute OS commands, potentially gaining control of the host running CA Introscope Enterprise Manager and causing code injection, with read/modify of system files and impact to av...

CVE-2020-6364 — OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)

SAP Solution Manager and SAP Focused Run update provided in WILYINTROENTERPRISE 9.7, 10.1, 10.5, 10.7, allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection...

Vulnerabilities fixed in SAP

Several vulnerabilities have been fixed in various SAP products. SAP has identified two of these vulnerabilities as urgent. The first of these two vulnerabilities is located in SAP Solution Manager and has a CVSS score of 10.0 CVE-2020-6364. A unauthenticated remote malicious agent could...

Vulnerabilities fixed in SAP products

Vulnerabilities have been fixed in SAP products. An authentication check was missing in SAP Solution Manager. The vulnerabilities in SAP BusinessObjects Business Intelligence Platform were not explained further. SAP has released updates to fix the vulnerabilities. More information can be found on...

SAP Solution Manager Injection Vulnerability

SAP Solution Manager is a set of system monitoring, SAP support desktop, self-service, ASAP implementation and other functions of the German SAP company as one of the system management platform. The platform can help customers establish SAP solution lifecycle management, and provide system...

CVE-2020-6261

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired...

CVE-2020-6261

SAP Solution Manager Trace Analysis, version 7.20, allows an attacker to perform a log injection into the trace file, due to Incomplete XML Validation. The readability of the trace file is impaired...