HIGHπŸ‡΅πŸ‡± Wersja polska

CVE-2020-26832

CVSS 7.6v3.1pub. 2020-12-09upd. 2024-11-21

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H
  • Sap Netweaver Application Server Abap

    APP
    Sap
    2011_1_6202011_1_6402011_1_7002011_1_7102011_1_7302011_1_7312011_1_7522020
  • Sap S\/4 Hana

    APP
    Sap
    101102103104105
πŸ”΅
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-22536CRITICAL10.0⚠ KEVten sam produkt

SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Serve...

CVE-2026-0488CRITICAL9.9PL βœ“ten sam produkt

SAP CRM / S/4HANA Scripting Editor β€” nieautoryzowane wykonanie SQL

CVE-2026-0498CRITICAL9.1PL βœ“ten sam produkt

SAP S/4HANA: injection kodu ABAP/poleceΕ„ OS przez RFC z uprawnieniami admina

CVE-2023-40309CRITICAL9.8ten sam produkt

SAP CommonCryptoLib does not perform necessary authentication checks, which may result in missing or wrong aut...

CVE-2023-27500CRITICAL9.6ten sam produkt

An attacker with non-administrative authorizations can exploit a directory traversal flaw in program SAPRSBRO ...

CVE-2020-26832 β€” Sap β€” Netweaver Application Server Abap β€” HIGH β€” CVSS 7.6 | CVEbaza.pl