CVE-2020-6369

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.9 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
sapCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
VendorProductVersion
sapfocused_run
9.7
sapfocused_run
10.1
sapfocused_run
10.5
sapfocused_run
10.7
sapsolution_manager
9.7
sapsolution_manager
10.1
sapsolution_manager
10.5
sapsolution_manager
10.7
𝑥
= Vulnerable software versions
References
http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html
http://seclists.org/fulldisclosure/2021/Jun/31
https://launchpad.support.sap.com/#/notes/2971638
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html
http://seclists.org/fulldisclosure/2021/Jun/31
https://launchpad.support.sap.com/#/notes/2971638
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196