CVE-2020-26838 Information

Jun 07, 2022 cve

Description

SAP Business Warehouse versions - 700 701 702 731 740 750 751 752 753 754 755 782 and SAP BW4HANA versions - 100 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality integrity and availability of the server and any data or other applications running on it.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Reference

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 https://launchpad.support.sap.com/#/notes/2983367

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction Required

HIGH

Scope

NONE

Confidentiality Impact

CHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.1

Share on: