CVE-2020-26818
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 731 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 740 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 750 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 751 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 752 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 753 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 754 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 755 | affected |
| SAP SE | SAP NetWeaver AS ABAP (Web Dynpro) | < 782 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
- https://launchpad.support.sap.com/#/notes/2971954
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
- https://launchpad.support.sap.com/#/notes/2971954
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.