Vulnerability Description
SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Sap As Abap\(Dmis\) | 2011_1_620 |
| Sap | Sap S4 Hana\(Dmis\) | 101 |
References
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2973735Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571Vendor Advisory
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2973735Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571Vendor Advisory
FAQ
What is CVE-2020-26808?
CVE-2020-26808 is a vulnerability with a CVSS score of 7.2 (HIGH). SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticate...
How severe is CVE-2020-26808?
CVE-2020-26808 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26808?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Sap As Abap\(Dmis\), Sap Sap S4 Hana\(Dmis\).