CVE-2020-26838

Summary

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Warehouse< 700affected
SAP SESAP Business Warehouse< 701affected
SAP SESAP Business Warehouse< 702affected
SAP SESAP Business Warehouse< 731affected
SAP SESAP Business Warehouse< 740affected
SAP SESAP Business Warehouse< 750affected
SAP SESAP Business Warehouse< 751affected
SAP SESAP Business Warehouse< 752affected
SAP SESAP Business Warehouse< 753affected
SAP SESAP Business Warehouse< 754affected
SAP SESAP Business Warehouse< 755affected
SAP SESAP Business Warehouse< 782affected
SAP SESAP BW4HANA< 100affected
SAP SESAP BW4HANA< 200affected

Weaknesses

  • Code Injection

ADP Enrichment

CVE Program Container

Additional References

References