CVE-2020-6369
MEDIUM
SAP Solution Manager/Focused Run <9.7-10.7 - Auth Bypass
Title source: llm
Description
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7) allow an unauthenticated attacker to bypass authentication if the default passwords for Admin and Guest have not been changed by the administrator. This may impact the confidentiality of the service.
References (4)
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2971638
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Jun/31
Third Party Advisory x_refsource_misc
http://packetstormsecurity.com/files/163159/SAP-Wily-Introscope-Enterprise-Default-Hard-Coded-Credentials.html
Scores
CVSS v3
5.9
EPSS
0.0124
EPSS Percentile
79.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
Status
published
Products (8)
sap/focused_run 9.7
sap/focused_run 10.1
sap/focused_run 10.5
sap/focused_run 10.7
sap/solution_manager 9.7
sap/solution_manager 10.1
sap/solution_manager 10.5
sap/solution_manager 10.7
Published
Oct 20, 2020
Tracked Since
Feb 18, 2026