Skip links

CVE-2020-26818 Multiple vulnerabilities in SAP NetWeaver AS ABAP (Web Dynpro), SAP security note 2971954

Description

This SAP security note addresses multiple vulnerabilities identified in WebDynpro component of SAP NetWeaver AS ABAP. The vulnerability details along with their CVE relevant information can be found below

Information Disclosure

SAP NetWeaver AS ABAP allows an authenticated user access to WebDynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users, resulting in Information disclosure.

  • CVE-2020-26818
  • CVSS Score: 6.5; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Improper Access Control

SAP NetWeaver AS ABAP allows an authenticated user access to WebDynpro components, that allows them to read and modify database logfiles.

  • CVE-2020-26819
  • CVSS Score: 5.4; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Available fix and Supported packages

  • SAP_BW | 731 | 731
  • SAP_BW | 740 | 740
  • SAP_BW | 750 | 755
  • SAP_BW | 782 | 782
  • SAP_BW 782 | SAPK-78201INSAPBW |
  • SAP_BW 731 | SAPKW73128 |
  • SAP_BW 740 | SAPKW74025 |
  • SAP_BW 755 | SAPK-75501INSAPBW |
  • SAP_BW 750 | SAPK-75020INSAPBW |
  • SAP_BW 751 | SAPK-75112INSAPBW |
  • | SAPK-783BHINSAPBW |
  • SAP_BW 752 | SAPK-75208INSAPBW |
  • SAP_BW 753 | SAPK-75306INSAPBW |
  • SAP_BW 754 | SAPK-75404INSAPBW |

Affected component

    BW-WHM-DST-ARC
    Archiving

CVSS

Score: 6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2971954

TAGS

#Information-Disclosure
#Improper-Access-Control
#Authorization-error
#Authorization-profile
#&160-CVE-2020-26818
#&160-CVE-2020-26819