Vulnerability Description
SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Application Server Abap | 2011_1_620 |
| Sap | S\/4 Hana | 101 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2993132Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079Vendor Advisory
- http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-PlaExploitThird Party AdvisoryVDB Entry
- http://seclists.org/fulldisclosure/2022/May/42ExploitMailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2993132Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079Vendor Advisory
FAQ
What is CVE-2020-26832?
CVE-2020-26832 is a vulnerability with a CVSS score of 7.6 (HIGH). SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions...
How severe is CVE-2020-26832?
CVE-2020-26832 has been rated HIGH with a CVSS base score of 7.6/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-26832?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Application Server Abap, Sap S\/4 Hana.