CVE-2020-26822

EPSS 0.81%
Published 10.11.2020 17:15:14
Last modified 21.11.2024 05:20:20
Source cna@sap.com
Teams watchlist Login
Open Login

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.

Affected products Warnungen 0 Metrics 4 CWE 1 References 5

Data is provided by the National Vulnerability Database (NVD)

SAP ≫ Solution Manager Version7.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.81%	0.72

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	10	3.9	5.8	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
nvd@nist.gov	6.4	10	4.9	AV:N/AC:L/Au:N/C:N/I:P/A:P
cna@sap.com	10	3.9	5.8	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2985866

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-26822

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-26822

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-26822

EUVD