CVE-2020-26829

Summary

SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP NetWeaver AS JAVA (P2P Cluster Communication)< 7.11affected
SAP SESAP NetWeaver AS JAVA (P2P Cluster Communication)< 7.20affected
SAP SESAP NetWeaver AS JAVA (P2P Cluster Communication)< 7.30affected
SAP SESAP NetWeaver AS JAVA (P2P Cluster Communication)< 7.31affected
SAP SESAP NetWeaver AS JAVA (P2P Cluster Communication)< 7.40affected
SAP SESAP NetWeaver AS JAVA (P2P Cluster Communication)< 7.50affected

Weaknesses

  • Missing Authentication Check

ADP Enrichment

CVE Program Container

Additional References

References