9.1
CVE-2020-26808
- EPSS 3.74%
- Published 10.11.2020 17:15:13
- Last modified 21.11.2024 05:20:19
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Sap As Abap(dmis) Version2011_1_620
SAP ≫ Sap As Abap(dmis) Version2011_1_640
SAP ≫ Sap As Abap(dmis) Version2011_1_700
SAP ≫ Sap As Abap(dmis) Version2011_1_710
SAP ≫ Sap As Abap(dmis) Version2011_1_730
SAP ≫ Sap As Abap(dmis) Version2011_1_731
SAP ≫ Sap As Abap(dmis) Version2011_1_752
SAP ≫ Sap As Abap(dmis) Version2020
SAP ≫ Sap S4 Hana(dmis) Version101
SAP ≫ Sap S4 Hana(dmis) Version102
SAP ≫ Sap S4 Hana(dmis) Version103
SAP ≫ Sap S4 Hana(dmis) Version104
SAP ≫ Sap S4 Hana(dmis) Version105
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.74% | 0.875 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 1.2 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| cna@sap.com | 9.1 | 2.3 | 6 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
|