Vulnerability Description
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Solution Manager | 7.20 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163160/SAP-Solution-Manager-7.2-File-DiscloThird Party Advisory
- http://seclists.org/fulldisclosure/2021/Jun/32Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2983204Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079Vendor Advisory
- http://packetstormsecurity.com/files/163160/SAP-Solution-Manager-7.2-File-DiscloThird Party Advisory
- http://seclists.org/fulldisclosure/2021/Jun/32Mailing ListThird Party Advisory
- https://launchpad.support.sap.com/#/notes/2983204Permissions RequiredVendor Advisory
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079Vendor Advisory
FAQ
What is CVE-2020-26837?
CVE-2020-26837 is a vulnerability with a CVSS score of 9.1 (CRITICAL). SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise ...
How severe is CVE-2020-26837?
CVE-2020-26837 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2020-26837?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Solution Manager.