CVE-2020-6364

CRITICAL

SAP Solution Manager/Focused Run <10.7 - Code Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-6364. PoCs published by gquere.

AI-analyzed exploit summary: This repository provides a technical analysis of CVE-2020-6364, a deserialization vulnerability in CA APM Team Center leading to unauthenticated RCE. It includes details on the vulnerable code path, exploitation via ysoserial gadgets, and confirmation of a working payload (CommonsBeanutils).

Description

SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an attacker to modify a cookie in such a way that OS commands can be executed, potentially gaining control over the host running the CA Introscope Enterprise Manager and leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.

Exploits (1)

nomisec WRITEUP 2 stars
by gquere · poc
https://github.com/gquere/CVE-2020-6364

Classification: Writeup 90%
Attack Type: Deserialization
Complexity: Moderate
Reliability: Reliable
Target: CA APM Team Center (Wily Introscope)
No auth needed
Prerequisites: Access to the target server · ysoserial tool for payload generation
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References (4)
Permissions Required, Vendor Advisory (x_refsource_misc): https://launchpad.support.sap.com/#/notes/2969828
Mailing List, Third Party Advisory (mailing-list, x_refsource_fulldisc): http://seclists.org/fulldisclosure/2021/Jun/28

Scores

CVSS v3: 10.0
EPSS: 0.0641
EPSS Percentile: 92.8%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Details

CWE: CWE-78
Status: published
Products (4)
sap/introscope_enterprise_manager 9.7
sap/introscope_enterprise_manager 10.1
sap/introscope_enterprise_manager 10.5
sap/introscope_enterprise_manager 10.7
Published: Oct 15, 2020
Tracked Since: Feb 18, 2026