Security News > 2020 > October > SAP Patches Critical Vulnerability in CA Introscope Enterprise Manager
2020-10-15 08:48
The updates released by SAP for October 2020 include 15 Security Notes, including one that addresses a critical vulnerability.
Featuring a CVSS score of 10, the critical flaw is an OS command injection vulnerability that affects CA Introscope Enterprise Manager version 10.7.0.304 or lower.
An attacker able to exploit the vulnerability could inject OS commands and gain full control of the host on which CA Introscope Enterprise Manager is running.
SAP customers are advised "To patch Introscope Enterprise Manager to the highest patch level of Enterprise Manager 10.7," Onapsis says.
A second vulnerability addressed in CA Introscope Enterprise Manager this month is CVE-2020-6369.
News URL
Related news
- CrushFTP: Patch critical vulnerability ASAP! (CVE-2025-2825) (source)
- Mozilla Patches Critical Firefox Bug Similar to Chrome’s Recent Zero-Day Vulnerability (source)
- Gladinet’s Triofox and CentreStack Under Active Exploitation via Critical RCE Vulnerability (source)
- Critical Apache Roller Vulnerability (CVSS 10.0) Enables Unauthorized Session Persistence (source)
- Critical Erlang/OTP SSH Vulnerability (CVSS 10.0) Allows Unauthenticated Code Execution (source)
- Critical Commvault RCE vulnerability fixed, PoC available (CVE-2025-34028) (source)
- New Critical SAP NetWeaver Flaw Exploited to Drop Web Shell, Brute Ratel Framework (source)
- SAP fixes critical Netweaver flaw exploited in attacks (source)
- Critical SAP NetWeaver flaw exploited by suspected initial access broker (CVE-2025-31324) (source)
- ⚡ Weekly Recap: Critical SAP Exploit, AI-Powered Phishing, Major Breaches, New CVEs & More (source)
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-10-20 | CVE-2020-6369 | Unspecified vulnerability in SAP Focused RUN and Solution Manager SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an unauthenticated attackers to bypass the authentication if the default passwords for Admin and Guest have not been changed by the administrator.This may impact the confidentiality of the service. | 5.9 |