SAP Released 15 Security Notes, One Critical Vulnerability in CA Introscope Enterprise Manager - Cybers Guards

The critical flaw, with a CVSS score of 10, is an OS command injection flaw that affects version 10.7.0.304 or lower of CA Introscope Enterprise Manager (affected products include Solution Manager and Focused Run). An attacker capable of exploiting the vulnerability may inject OS commands and gain complete control of the host running CA Introscope Enterprise Manager. The vulnerability is tracked as CVE-2020-6364. Onapsis, a company that specializes in protecting Oracle and SAP software, says that the vulnerability is remotely exploitable, without authentication, which adds to its high CVSS score.

CVE-2020-6369 (CVSS score of 7.5) is the second vulnerability addressed in CA Introscope Enterprise Manager this month. Remote attackers can leverage hardcoded passwords within the application to bypass authentication. Patches available for both Enterprise Manager 10.5 and 10.7 force users to set new credentials in their installations for the Admin and Guest accounts.

For Enterprise Manager 10.5.2.113, SAP has released a patch, and all earlier releases need to be updated to this version to apply the fix. However, with the update workload equivalent to upgrading to version 10.7, and with 10.5 reaching the end of support in December 2020, the better option is to go straight to 10.7. Onapsis says that SAP customers are advised to patch Introscope Enterprise Manager to the highest patch level of Enterprise Manager 10.7. The fix also requires that the connection between Solution Manager / Focused Run and Introscope be manually restored.

Another Hot News Security Note released on October 2020 Patch Day brings SAP Business Client updates for the Chromium browser. Initially, the security note was released in April 2018, and SAP provides occasional updates to it.

This month, two high-priority notes address CVE-2020-6367, a cross-site scripting (XSS) issue in NetWeaver Composite Application Framework, and CVE-2020-6366, missing XML validation in NetWeaver (Compare Systems). SAP also revised four high-priority Security Notes dealing with a code injection vulnerability (CVE-2020-6296) in NetWeaver (ABAP) and ABAP Platform, a missing authorization check (CVE-2020-6309) in NetWeaver AS JAVA, information disclosure (CVE-2020-6237) in BusinessObjects Business Intelligence Platform, and privilege escalation (CVE-2020-6236) in Landscape Management.

Eleven other Security Notes address medium-priority vulnerabilities: numerous 3D Visual Enterprise Viewer bugs, server-side request forgery in BusinessObjects Business Intelligence, reverse tabnabbing in NetWeaver, information disclosure in NetWeaver, improper authorization in Banking Services, and XSS in NetWeaver, Commerce Cloud, and Business Planning and Consolidation. SAP's October 2020 Patch Day also includes an update to a medium-priority Security Note dealing with a missing authorization check in ERP (HCM Travel Management) and a note dealing with a low-severity insufficient session expiration issue in Commerce Cloud.
