Critical Vulnerability in SAP CA Introscope Enterprise Manager (CVE-2020-6364)

SAP has released a security update to address an OS command injection critical vulnerability (CVE-2020-6364) affecting the SAP CA Introscope Enterprise Manager.

Successful exploitation of the vulnerability could allow an attacker to take control of an affected system. 

The vulnerability is present in SAP Solution Manager and SAP Focused Run. The versions known to be vulnerable are WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7.

Administrators of the affected applications are advised to install the latest security update immediately.

More information is available here:

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

https://us-cert.cisa.gov/ncas/current-activity/2020/10/13/sap-releases-october-2020-security-updates