CVE-2020-26832Missing Authorization in SE SAP Netweaver AS Abap

CWE-862Missing Authorization3 documents3 sources
Severity
7.6HIGHNVD
EPSS
0.5%
top 34.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SAP SE SAP Netweaver AS AbapSAP SE SAP S4 HanaSAP Netweaver Application Server Abap+1 more
Timeline
PublishedDec 9
Latest updateMay 24

Description

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completel

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:HExploitability: 2.3 | Impact: 4.7

Affected Packages4 packages

CVEListV5sap_se/sap_s4_hana< 101+4
CVEListV5sap_se/sap_netweaver_as_abap< 2011_1_620+7
NVDsap/s_4_hana5 versions+4
NVDsap/netweaver_application8 versions+7

🔴Vulnerability Details

2
GHSA
GHSA-898v-h686-8h79: SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SA2022-05-24
CVEList
CVE-2020-26832: SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SA2020-12-09
CVE-2020-26832 — Missing Authorization | cvebase