
Act now! Introscope EM vulnerability published [CVE-2020-6364]

Today SAP released a Security Note with a CVSS score of 10/10 that affects the Solution Manager Wily Introscope Enterprise Manager. This includes SAP Focused Run too.

Every Introscope EM Agent at version 10.7.0.304 or lower is vulnerable. An attacker could perform a remote OS command injection and potentially gain control over the host running the CA Introscope Enterprise Manager, which may impact the integrity, confidentiality, and availability of the service.

Right now, the solution is to patch the Introscope EM to the latest patch, which is found in the SAP Download Center. The workaround provided by SAP is to stop Introscope EM until it can be patched. Systems that run Introscope EM version 10.5 need to upgrade the EM to 10.7.

If your system is running SAP Solution Manager 7.1 or an older version of SAP Solution Manager 7.2 (<05), you have to update/upgrade your SAP Solution Manager.

How to check what version of Introscope EM you currently have:

Windows:

<Drive>:\usr\sap\CCMS\apmintroscope\logs\IntroscopeEnterpriseManager.txt

Unix:

/usr/sap/ccms/apmintroscope/logs/IntroscopeEnterpriseManager.log

In that file, search for “Release”. The matching line shows the current version and patch, for example: Introscope Enterprise Manager Release 10.7.0.279
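The check above can be scripted for both platforms. The following is an added example, not code from SAP or from the original post: it takes the last “Release” line in the log and compares it with the 10.7.0.304 threshold stated in this post. The sample log lines, function names and result labels are constructed for illustration.

```python
import re
import sys
from pathlib import Path

# Highest affected release according to this post.
LAST_VULNERABLE = (10, 7, 0, 304)
RELEASE_RE = re.compile(r"Introscope Enterprise Manager Release (\d+(?:\.\d+)+)")

# Constructed sample: two EM starts, the second after an upgrade to 10.7.
SAMPLE_LOG = """\
1/12/20 08:01:10 AM [INFO] [Manager] Introscope Enterprise Manager Release 10.5.2.113
1/12/20 08:01:11 AM [INFO] [Manager] Using Java VM version ...
9/30/20 06:44:02 PM [INFO] [Manager] Introscope Enterprise Manager Release 10.7.0.279
"""

def latest_release(log_text):
    """Return the version of the most recent 'Release' line as a tuple, or None."""
    found = RELEASE_RE.findall(log_text)
    if not found:
        return None
    # The log is appended on every start, so the last match is the running release.
    return tuple(int(part) for part in found[-1].split("."))

def assess(version):
    """Classify a version tuple against the statements made in this post."""
    if version is None:
        return "unknown"
    padded = version + (0,) * (4 - len(version))  # treat "10.7" as 10.7.0.0
    if padded[:2] < (10, 7):
        return "upgrade-to-10.7"        # e.g. 10.5 must move to 10.7 first
    if padded <= LAST_VULNERABLE:
        return "vulnerable"             # patch, or stop the EM until patched
    return "not-in-affected-range"      # above 10.7.0.304

if __name__ == "__main__":
    # Pass the path to IntroscopeEnterpriseManager.log (.txt on Windows);
    # without an argument the constructed sample is used.
    if len(sys.argv) > 1:
        text = Path(sys.argv[1]).read_text(errors="replace")
    else:
        text = SAMPLE_LOG
    release = latest_release(text)
    shown = ".".join(map(str, release)) if release else "not found"
    print(f"Release {shown}: {assess(release)}")
```
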

Path to the Introscope EM agent in software center:

https://support.sap.com/swdc -> Software Downloads -> Support Packages and Patches (2nd tab) -> By Category -> SAP Technology Components -> SAP SOLUTION MANAGER -> SAP SOLUTION MANAGER 7.2 -> WILY INTROSCOPE -> WILY INTROSCOPE ENTPR MGR 10.7 -> (your OS for the enterprise mgr): WILYISEM00P_1*.zip

Note: Make sure to download the latest one, “WILYSEM00P_1*.zip”, which was released on the 9th of October 2020. SAP released two EM versions last week. The release of the 6th of October is already affected by this!

SAP Note: 2969828 – [CVE-2020-6364] OS Command Injection Vulnerability in CA Introscope Enterprise Manager (Affected Products: SAP Solution Manager and SAP Focused Run)

If you need help with patching your Solution Manager Wily Introscope Enterprise Manager, feel free to reach out to us.


Marko Laius

Marko works as an ALM Technology Expert and has extensive knowledge in the use of SAP Solution Manager with a focus on technical monitoring. He has experience in the area of SAP Basis and has also familiarized himself with test automation.
