Lucene search

SapCVELIST:CVE-2020-26837

HistoryDec 09, 2020 - 4:31 p.m.

CVE-2020-26837

2020-12-0916:31:24

sap

www.cve.org

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.

CNA Affected

[
  {
    "product": "SAP Solution Manager (User Experience Monitoring)",
    "vendor": "SAP SE",
    "versions": [
      {
        "status": "affected",
        "version": "< 7.20"
      }
    ]
  }
]

References

packetstormsecurity.com/files/163160/SAP-Solution-Manager-7.2-File-Disclosure-Denial-Of-Service.html

seclists.org/fulldisclosure/2021/Jun/32

launchpad.support.sap.com/#/notes/2983204

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

8.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L

9.1 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVELIST:CVE-2020-26837