CVE-2020-26814 — Sensitive Information Exposure in SE SAP Process Integration

3 documents3 sources

Severity

4.9MEDIUMNVD

EPSS

0.2%

top 53.01%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Process Integration SAP Process Integration

Timeline

PublishedNov 10

Latest updateMay 24

Description

SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_process_integration< 1.0

▶NVDsap/process_integration1.0

🔴Vulnerability Details

GHSA

GHSA-mf63-wm8x-6475: SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1↗2022-05-24

▶

CVEList

CVE-2020-26814: SAP Process Integration (PGP Module - Business-to-Business Add On), version - 1↗2020-11-10

▶