CVE-2020-6364

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.

CVSS v3 10.0 CRITICAL
CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.html	Third Party Advisory
http://seclists.org/fulldisclosure/2021/Jun/28	Mailing List Third Party Advisory
https://launchpad.support.sap.com/#/notes/2969828	Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:sap:introscope_enterprise_manager:9.7:::::::*
	cpe:2.3:a:sap:introscope_enterprise_manager:10.1:::::::*
	cpe:2.3:a:sap:introscope_enterprise_manager:10.5:::::::*
	cpe:2.3:a:sap:introscope_enterprise_manager:10.7:::::::*

History

No history.

Information

Published : 2020-10-15 02:15

Updated : 2024-02-28 18:08

NVD link : CVE-2020-6364

Mitre link : CVE-2020-6364

CVE.ORG link : CVE-2020-6364

JSON object : View

Products Affected

sap

introscope_enterprise_manager

CWE

CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

{"id": "CVE-2020-6364", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Secondary", "source": "cna@sap.com", "cvssData": {"scope": "CHANGED", "version": "3.0", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 10.0, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.9}]}, "published": "2020-10-15T02:15:12.780", "references": [{"url": "http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.html", "tags": ["Third Party Advisory"], "source": "cna@sap.com"}, {"url": "http://seclists.org/fulldisclosure/2021/Jun/28", "tags": ["Mailing List", "Third Party Advisory"], "source": "cna@sap.com"}, {"url": "https://launchpad.support.sap.com/#/notes/2969828", "tags": ["Permissions Required", "Vendor Advisory"], "source": "cna@sap.com"}, {"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196", "tags": ["Vendor Advisory"], "source": "cna@sap.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-78"}]}], "descriptions": [{"lang": "en", "value": "SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability."}, {"lang": "es", "value": "SAP Solution Manager y SAP Focused Run (actualizaci\u00f3n proporcionada en WILY_INTRO_ENTERPRISE versiones 9.7, 10.1, 10.5, 10.7), permite a un atacante modificar una cookie de manera que los comandos del Sistema Operativo puedan ser ejecutados y potencialmente conseguir el control sobre el host que ejecuta CA Introscope Enterprise Manager, conllevando a una inyecci\u00f3n de c\u00f3digo. Con esto, el atacante es capaz de leer y modificar todos los archivos del sistema y tambi\u00e9n afectar la disponibilidad del sistema"}], "lastModified": "2021-06-17T17:22:20.243", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:sap:introscope_enterprise_manager:9.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "280649F4-6210-48BB-9C51-FA58A24B068F"}, {"criteria": "cpe:2.3:a:sap:introscope_enterprise_manager:10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F623A68-CBF7-4CFA-9489-85F8636299A1"}, {"criteria": "cpe:2.3:a:sap:introscope_enterprise_manager:10.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FE1FEE0B-A8C2-4D87-A4A4-7CE4A5FF10F0"}, {"criteria": "cpe:2.3:a:sap:introscope_enterprise_manager:10.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05898DD8-CCD0-4E06-A49B-0891782865D4"}], "operator": "OR"}]}], "sourceIdentifier": "cna@sap.com"}