File Modification Vulnerability in SAP ERP Client for E-Bilanz by SAP
CVE-2020-26807

4.4MEDIUM

Key Information:

Vendor: SAP
Status: SAP Erp Client For E-bilanz 1.0
Vendor: CVE Published:; 10 November 2020

What is CVE-2020-26807?

The SAP ERP Client for E-Bilanz version 1.0 contains a security flaw due to incorrect default filesystem permissions in its installation folder. This misconfiguration permits unauthorized users to access and modify critical files within the installation directory, potentially leading to system integrity issues and unauthorized alterations. Organizations using this software should review their installation settings to mitigate risks associated with this vulnerability.

Affected Version(s)

SAP ERP Client for E-Bilanz 1.0 < 1.0

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2971112

x_refsource_MISC

CVSS V3.1

Score:

4.4

Severity:

MEDIUM

Confidentiality:

None

Integrity:

Low

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 10, 2020
Vulnerability Reserved
Oct 7, 2020