8.8
CVE-2020-26818
- EPSS 0.27%
- Veröffentlicht 10.11.2020 17:15:13
- Zuletzt bearbeitet 21.11.2024 05:20:20
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Version731
SAP ≫ Netweaver Application Server Abap Version740
SAP ≫ Netweaver Application Server Abap Version750
SAP ≫ Netweaver Application Server Abap Version751
SAP ≫ Netweaver Application Server Abap Version752
SAP ≫ Netweaver Application Server Abap Version753
SAP ≫ Netweaver Application Server Abap Version754
SAP ≫ Netweaver Application Server Abap Version755
SAP ≫ Netweaver Application Server Abap Version782
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.27% | 0.499 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.5 | 8 | 6.4 |
AV:N/AC:L/Au:S/C:P/I:P/A:P
|
| cna@sap.com | 6.5 | 2.8 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.