CVE-2020-26838

CWE-78OS Command Injection3 documents3 sources
Severity
9.1CRITICAL
EPSS
2.0%
top 16.33%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
SAP SE SAP Business WarehouseSAP SE SAP Bw4hanaSAP Business Warehouse+1 more
Timeline
PublishedDec 9
Latest updateMay 24

Description

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity an

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:HExploitability: 2.3 | Impact: 6.0

Affected Packages4 packages

CVEListV5sap_se/sap_business_warehouse< 700+11
NVDsap/business_warehouse12 versions+11
CVEListV5sap_se/sap_bw4hana< 100+1
NVDsap/bw\/4hana100, 200+1

🔴Vulnerability Details

2
GHSA
GHSA-j3jc-48fv-7w6q: SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker2022-05-24
CVEList
CVE-2020-26838: SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker2020-12-09
CVE-2020-26838 (CRITICAL CVSS 9.1) | SAP Business Warehouse | cvebase.io