CVE-2020-26819

Summary

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 731affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 740affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 750affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 751affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 752affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 753affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 754affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 755affected
SAP SESAP NetWeaver AS ABAP (Web Dynpro)< 782affected

Weaknesses

  • Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

References