Lucene search

PRIOn knowledge basePRION:CVE-2020-26832

HistoryDec 09, 2020 - 5:15 p.m.

Authorization

2020-12-0917:15:00

PRIOn knowledge base

www.prio-n.com

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:N/A:C

0.012 Low

EPSS

Percentile

84.9%

JSON

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

CPENameOperatorVersion
netweaver_application_server_abapeq20111640.0.0
netweaver_application_server_abapeq20111700.0.0
netweaver_application_server_abapeq20111710.0.0
netweaver_application_server_abapeq20111730.0.0
netweaver_application_server_abapeq20111731.0.0
netweaver_application_server_abapeq20111752.0.0
netweaver_application_server_abapeq2020
netweaver_application_server_abapeq20111620.0.0
s\\/4_hanaeq102
s\\/4_hanaeq103

Name	Operator	Version
netweaver_application_server_abap	eq	20111640.0.0
netweaver_application_server_abap	eq	20111700.0.0
netweaver_application_server_abap	eq	20111710.0.0
netweaver_application_server_abap	eq	20111730.0.0
netweaver_application_server_abap	eq	20111731.0.0
netweaver_application_server_abap	eq	20111752.0.0
netweaver_application_server_abap	eq	2020
netweaver_application_server_abap	eq	20111620.0.0
s\\/4_hana	eq	102
s\\/4_hana	eq	103

Rows per page:

1-10 of 131

References

packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html

seclists.org/fulldisclosure/2022/May/42

launchpad.support.sap.com/

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

7.6 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H

7.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:P/I:N/A:C

0.012 Low

EPSS

Percentile

84.9%

JSON

Related for PRION:CVE-2020-26832