CVE-2020-26838
9.1
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Summary
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Business Warehouse | < 700 | affected |
| SAP SE | SAP Business Warehouse | < 701 | affected |
| SAP SE | SAP Business Warehouse | < 702 | affected |
| SAP SE | SAP Business Warehouse | < 731 | affected |
| SAP SE | SAP Business Warehouse | < 740 | affected |
| SAP SE | SAP Business Warehouse | < 750 | affected |
| SAP SE | SAP Business Warehouse | < 751 | affected |
| SAP SE | SAP Business Warehouse | < 752 | affected |
| SAP SE | SAP Business Warehouse | < 753 | affected |
| SAP SE | SAP Business Warehouse | < 754 | affected |
| SAP SE | SAP Business Warehouse | < 755 | affected |
| SAP SE | SAP Business Warehouse | < 782 | affected |
| SAP SE | SAP BW4HANA | < 100 | affected |
| SAP SE | SAP BW4HANA | < 200 | affected |
Weaknesses
- Code Injection
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079
- https://launchpad.support.sap.com/#/notes/2983367
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079
- https://launchpad.support.sap.com/#/notes/2983367
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.