CVE-2020-26838 — CRITICAL (9.1)

Vulnerability Description

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

CVSS Score

9.1

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Sap	Business Warehouse	700
Sap	Bw\/4Hana	100

Related Weaknesses (CWE)

CWE-78

References

https://launchpad.support.sap.com/#/notes/2983367Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079Vendor Advisory
https://launchpad.support.sap.com/#/notes/2983367Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079Vendor Advisory

FAQ

What is CVE-2020-26838?

CVE-2020-26838 is a vulnerability with a CVSS score of 9.1 (CRITICAL). SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to...

How severe is CVE-2020-26838?

CVE-2020-26838 has been rated CRITICAL with a CVSS base score of 9.1/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2020-26838?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Business Warehouse, Sap Bw\/4Hana.