CVE-2020-26818

Summary

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 731affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 740affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 750affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 751affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 752affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 753affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 754affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 755affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 782affected

Weaknesses

  • Information Disclosure

ADP Enrichment

CVE Program Container

Additional References

References