Описание
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
Ссылки
- http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.htmlThird Party Advisory
- Mailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
- http://packetstormsecurity.com/files/163153/SAP-Wily-Introscope-Enterprise-OS-Command-Injection.htmlThird Party Advisory
- Mailing ListThird Party Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Одно из
EPSS
10 Critical
CVSS3
10 Critical
CVSS3
10 Critical
CVSS2
Дефекты
Связанные уязвимости
SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
EPSS
10 Critical
CVSS3
10 Critical
CVSS3
10 Critical
CVSS2