7.6
CVE-2020-26832
- EPSS 0.5%
- Published 09.12.2020 17:15:31
- Last modified 21.11.2024 05:20:21
- Source cna@sap.com
- Teams watchlist Login
- Open Login
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Netweaver Application Server Abap Version2011_1_620
SAP ≫ Netweaver Application Server Abap Version2011_1_640
SAP ≫ Netweaver Application Server Abap Version2011_1_700
SAP ≫ Netweaver Application Server Abap Version2011_1_710
SAP ≫ Netweaver Application Server Abap Version2011_1_730
SAP ≫ Netweaver Application Server Abap Version2011_1_731
SAP ≫ Netweaver Application Server Abap Version2011_1_752
SAP ≫ Netweaver Application Server Abap Version2020
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.5% | 0.648 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 2.3 | 4.7 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
|
| nvd@nist.gov | 7.5 | 8 | 7.8 |
AV:N/AC:L/Au:S/C:P/I:N/A:C
|
| cna@sap.com | 7.6 | 2.3 | 4.7 |
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.