Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-26832

Опубликовано: 09 дек. 2020
Источник: nvd
CVSS3: 7.6
CVSS3: 7.6
CVSS2: 7.5
EPSS Низкий

Описание

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:sap:netweaver_application_server_abap:2011_1_620:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:2011_1_640:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:2011_1_700:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:2011_1_710:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:2011_1_730:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:2011_1_731:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:2011_1_752:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver_application_server_abap:2020:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:101:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:102:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:103:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:104:*:*:*:*:*:*:*
cpe:2.3:a:sap:s\/4_hana:105:*:*:*:*:*:*:*

EPSS

Процентиль: 65%
0.00495
Низкий

7.6 High

CVSS3

7.6 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-862

Связанные уязвимости

github логотип

GHSA-898v-h686-8h79

CVSS3: 7.6
github
больше 3 лет назад

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

EPSS

Процентиль: 65%
0.00495
Низкий

7.6 High

CVSS3

7.6 High

CVSS3

7.5 High

CVSS2

Дефекты

CWE-862