CVE-2020-26837 Information

Jun 07, 2022 cve

Description

SAP Solution Manager 7.2 (User Experience Monitoring) version - 7.2 allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 https://launchpad.support.sap.com/#/notes/2983204 http://seclists.org/fulldisclosure/2021/Jun/32 http://packetstormsecurity.com/files/163160/SAP-Solution-Manager-7.2-File-Disclosure-Denial-Of-Service.html

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

LOW

Base Score

LOW

Base Severity

9.1

Share on: