CVE-2020-26819Improper Authentication in SE SAP Netweaver AS Abap

CWE-287Improper Authentication3 documents3 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 40.35%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Netweaver AS AbapSAP Netweaver Application Server Abap
Timeline
PublishedNov 10
Latest updateMay 24

Description

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver_as_abap< 731+8
NVDsap/netweaver_application9 versions+8

🔴Vulnerability Details

2
GHSA
GHSA-6hm9-wj83-37rw: SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro componen2022-05-24
CVEList
CVE-2020-26819: SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro componen2020-11-10
CVE-2020-26819 — Improper Authentication | cvebase