CVE-2020-26820

Severity
7.2 HIGH
EPSS
3.2%
top 13.09%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Nov 10
Latest update: May 24

Description

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any appl

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.2 | Impact: 5.9

Affected Packages: 2 packages

CVEListV5: sap_se/sap_netweaver_as_java < 7.20 (+4)
NVD: sap/netweaver_application, 5 versions (+4)

🔴 Vulnerability Details

2
GHSA
GHSA-62xw-wxv8-j4h9: SAP NetWeaver AS JAVA, versions - 7 (2022-05-24)
CVEList
CVE-2020-26820: SAP NetWeaver AS JAVA, versions - 7 (2020-11-10)
CVE-2020-26820 (HIGH CVSS 7.2) | SAP NetWeaver AS JAVA | cvebase.io