Description
This SAP security note addresses multiple vulnerabilities identified in WebDynpro component of SAP NetWeaver AS ABAP. The vulnerability details along with their CVE relevant information can be found below
Information Disclosure
SAP NetWeaver AS ABAP allows an authenticated user access to WebDynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users, resulting in Information disclosure.
- CVE-2020-26818
- CVSS Score: 6.5; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Improper Access Control
SAP NetWeaver AS ABAP allows an authenticated user access to WebDynpro components, that allows them to read and modify database logfiles.
- CVE-2020-26819
- CVSS Score: 5.4; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Available fix and Supported packages
- SAP_BW | 731 | 731
- SAP_BW | 740 | 740
- SAP_BW | 750 | 755
- SAP_BW | 782 | 782
- SAP_BW 782 | SAPK-78201INSAPBW |
- SAP_BW 731 | SAPKW73128 |
- SAP_BW 740 | SAPKW74025 |
- SAP_BW 755 | SAPK-75501INSAPBW |
- SAP_BW 750 | SAPK-75020INSAPBW |
- SAP_BW 751 | SAPK-75112INSAPBW |
- | SAPK-783BHINSAPBW |
- SAP_BW 752 | SAPK-75208INSAPBW |
- SAP_BW 753 | SAPK-75306INSAPBW |
- SAP_BW 754 | SAPK-75404INSAPBW |
Affected component
- BW-WHM-DST-ARC
Archiving
CVSS
Score: 6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2971954
