ID

VAR-202011-0412


CVE

CVE-2020-26818


TITLE

SAP NetWeaver AS ABAP Information Disclosure Vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2020-013123

DESCRIPTION

SAP NetWeaver AS ABAP (Web Dynpro), versions 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components because of a missing authorization check. These components reveal sensitive system information that would otherwise be restricted to highly privileged users, resulting in Information Disclosure. SAP NetWeaver AS ABAP contains an information disclosure vulnerability. Information may be obtained or tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-26818 // JVNDB: JVNDB-2020-013123

AFFECTED PRODUCTS

vendor: sap, model: netweaver as abap, scope: eq, version: 731

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 751

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 753

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 752

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 750

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 754

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 782

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 755

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 740

Trust: 1.0

vendor: sap, model: netweaver application server abap, scope: eq, version: 750

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 731

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 751

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 753

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 740

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 755

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: -

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 754

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 782

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 752

Trust: 0.8

sources: JVNDB: JVNDB-2020-013123 // NVD: CVE-2020-26818

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-26818
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202011-732
value: HIGH

Trust: 0.6

NVD: CVE-2020-26818
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2020-26818
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-26818
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013123 // CNNVD: CNNVD-202011-732 // NVD: CVE-2020-26818

PROBLEMTYPE DATA

problemtype: CWE-862

Trust: 1.0

problemtype: information leak (CWE-200) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013123 // NVD: CVE-2020-26818

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-732

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-202011-732

CONFIGURATIONS

sources: NVD: CVE-2020-26818

PATCH

title: SAP Security Patch Day - November 2020
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571

Trust: 0.8

title: SAP NetWeaver AS ABAP Repair measures for information disclosure vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134559

Trust: 0.6

sources: JVNDB: JVNDB-2020-013123 // CNNVD: CNNVD-202011-732

EXTERNAL IDS

db: NVD, id: CVE-2020-26818

Trust: 2.4

db: JVNDB, id: JVNDB-2020-013123

Trust: 0.8

db: CNNVD, id: CNNVD-202011-732

Trust: 0.6

sources: JVNDB: JVNDB-2020-013123 // CNNVD: CNNVD-202011-732 // NVD: CVE-2020-26818

REFERENCES

url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571

Trust: 1.6

url: https://launchpad.support.sap.com/#/notes/2971954

Trust: 1.6

url: https://nvd.nist.gov/vuln/detail/cve-2020-26818

Trust: 1.4

url: https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-november-2020-33867

Trust: 0.6

sources: JVNDB: JVNDB-2020-013123 // CNNVD: CNNVD-202011-732 // NVD: CVE-2020-26818

SOURCES

db: JVNDB, id: JVNDB-2020-013123
db: CNNVD, id: CNNVD-202011-732
db: NVD, id: CVE-2020-26818

LAST UPDATE DATE

2022-05-04T09:46:12.633000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-013123, date: 2021-06-18T07:26:00
db: CNNVD, id: CNNVD-202011-732, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2020-26818, date: 2021-07-21T11:39:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-013123, date: 2021-06-18T00:00:00
db: CNNVD, id: CNNVD-202011-732, date: 2020-11-10T00:00:00
db: NVD, id: CVE-2020-26818, date: 2020-11-10T17:15:00