cbcvebase.
CVE-2020-26832
published 2020-12-09

CVE-2020-26832: SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA…

high7.6CVSS 3.1
AVNACLPRHUINSCCLINAH
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

Affected

26 ranges· showing 25
VendorProductVersion rangeFixed in
sapnetweaver_application_server_abap
sapnetweaver_application_server_abap
sapnetweaver_application_server_abap
sapnetweaver_application_server_abap
sapnetweaver_application_server_abap
sapnetweaver_application_server_abap
sapnetweaver_application_server_abap
sapnetweaver_application_server_abap
saps_4_hana
saps_4_hana
saps_4_hana
saps_4_hana
saps_4_hana
sap_sesap_netweaver_as_abap< 2011_1_6202011_1_620
sap_sesap_netweaver_as_abap< 2011_1_6402011_1_640
sap_sesap_netweaver_as_abap< 2011_1_7002011_1_700
sap_sesap_netweaver_as_abap< 2011_1_7102011_1_710
sap_sesap_netweaver_as_abap< 2011_1_7302011_1_730
sap_sesap_netweaver_as_abap< 2011_1_7312011_1_731
sap_sesap_netweaver_as_abap< 2011_1_7522011_1_752
sap_sesap_netweaver_as_abap< 20202020
sap_sesap_s4_hana< 101101
sap_sesap_s4_hana< 102102
sap_sesap_s4_hana< 103103
sap_sesap_s4_hana< 104104