ID

VAR-202011-0413


CVE

CVE-2020-26819


TITLE

Authentication vulnerabilities in SAP NetWeaver AS ABAP

Trust: 0.8

sources: JVNDB: JVNDB-2020-013124

DESCRIPTION

SAP NetWeaver AS ABAP (Web Dynpro), versions 731, 740, 750, 751, 752, 753, 754, 755 and 782, allows an authenticated user to access Web Dynpro components that allow them to read and delete database logfiles because of Improper Access Control. SAP NetWeaver AS ABAP (Web Dynpro) contains an authentication vulnerability. Information may be obtained, information may be tampered with, and the service may be put into a denial-of-service (DoS) state.

Trust: 1.62

sources: NVD: CVE-2020-26819 // JVNDB: JVNDB-2020-013124

AFFECTED PRODUCTS

vendor: sap, model: netweaver as abap, scope: eq, version: 731

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 751

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 753

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 752

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 750

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 754

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 782

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 755

Trust: 1.0

vendor: sap, model: netweaver as abap, scope: eq, version: 740

Trust: 1.0

vendor: sap, model: netweaver application server abap, scope: eq, version: 750

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 731

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 751

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 753

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 740

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 755

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: -

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 754

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 782

Trust: 0.8

vendor: sap, model: netweaver application server abap, scope: eq, version: 752

Trust: 0.8

sources: JVNDB: JVNDB-2020-013124 // NVD: CVE-2020-26819

CVSS

SEVERITY

CVSSV2

CVSSV3

NVD: CVE-2020-26819
value: HIGH

Trust: 1.8

CNNVD: CNNVD-202011-735
value: HIGH

Trust: 0.6

NVD: CVE-2020-26819
severity: MEDIUM
baseScore: 6.5
vectorString: AV:N/AC:L/AU:S/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: SINGLE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

NVD: CVE-2020-26819
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2020-26819
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-013124 // CNNVD: CNNVD-202011-735 // NVD: CVE-2020-26819

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Improper authentication (CWE-287) [NVD Evaluation]

Trust: 0.8

sources: JVNDB: JVNDB-2020-013124 // NVD: CVE-2020-26819

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202011-735

TYPE

authorization issue

Trust: 0.6

sources: CNNVD: CNNVD-202011-735

CONFIGURATIONS

sources: NVD: CVE-2020-26819

PATCH

title: SAP Security Patch Day - November 2020
url: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571

Trust: 0.8

title: SAP NetWeaver AS ABAP Remediation measures for authorization problem vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=134560

Trust: 0.6

sources: JVNDB: JVNDB-2020-013124 // CNNVD: CNNVD-202011-735

EXTERNAL IDS

db: NVD, id: CVE-2020-26819

Trust: 2.4

db: JVNDB, id: JVNDB-2020-013124

Trust: 0.8

db: CNNVD, id: CNNVD-202011-735

Trust: 0.6

sources: JVNDB: JVNDB-2020-013124 // CNNVD: CNNVD-202011-735 // NVD: CVE-2020-26819

REFERENCES

url:https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageid=562725571

Trust: 1.6

url:https://launchpad.support.sap.com/#/notes/2971954

Trust: 1.6

url:https://nvd.nist.gov/vuln/detail/cve-2020-26819

Trust: 1.4

url:https://vigilance.fr/vulnerability/sap-multiple-vulnerabilities-of-november-2020-33867

Trust: 0.6

sources: JVNDB: JVNDB-2020-013124 // CNNVD: CNNVD-202011-735 // NVD: CVE-2020-26819

SOURCES

db: JVNDB, id: JVNDB-2020-013124
db: CNNVD, id: CNNVD-202011-735
db: NVD, id: CVE-2020-26819

LAST UPDATE DATE

2022-05-04T09:15:41.487000+00:00


SOURCES UPDATE DATE

db: JVNDB, id: JVNDB-2020-013124, date: 2021-06-18T07:26:00
db: CNNVD, id: CNNVD-202011-735, date: 2021-08-16T00:00:00
db: NVD, id: CVE-2020-26819, date: 2021-07-21T11:39:00

SOURCES RELEASE DATE

db: JVNDB, id: JVNDB-2020-013124, date: 2021-06-18T00:00:00
db: CNNVD, id: CNNVD-202011-735, date: 2020-11-10T00:00:00
db: NVD, id: CVE-2020-26819, date: 2020-11-10T17:15:00