SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an malicious user to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
sap introscope enterprise manager 9.7 |
||
sap introscope enterprise manager 10.1 |
||
sap introscope enterprise manager 10.5 |
||
sap introscope enterprise manager 10.7 |
Redmond urges folks to apply update ASAP – plus more fixes for Outlook and software from Adobe, Intel, SAP, Red Hat The seven deadly sins letting hackers hijack America's govt networks: These unpatched bugs leave systems open
Patch Tuesday Microsoft's Update Tuesday patch dump for October 2020 has delivered security patches that attempt to address 87 CVEs for a dozen Redmond products. Nadella's security crew has identified 22 remote code execution (RCE) CVEs though the most worrisome looks like CVE-2020-16898, Windows TCP/IP RCE, which is rated 9.8 out 10 in severity. It affects Windows desktop and server systems. According to Microsoft, the Windows TCP/IP stack doesn't properly handle ICMPv6 Router Advertisement pac...