Server-Side Request Forgery in SAP Fiori Launchpad by SAP
CVE-2020-26815

8.6HIGH

Key Information:

Vendor: SAP
Status: SAP Fiori LauncHPad (news Tile Application)
Vendor: CVE Published:; 10 November 2020

What is CVE-2020-26815?

SAP Fiori Launchpad, specifically within its News tile Application, is susceptible to a Server-Side Request Forgery (SSRF). This vulnerability allows an unauthorized attacker to craft requests targeting internal systems, which are typically shielded behind firewalls, thereby gaining unauthorized access to sensitive or confidential resources. Such exploitation can compromise the security posture of the application, rendering restricted internal resources vulnerable to exposure.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Fiori Launchpad (News Tile Application) < 750 < 750

SAP Fiori Launchpad (News Tile Application) < 751 < 751

SAP Fiori Launchpad (News Tile Application) < 752 < 752

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2984627

x_refsource_MISC

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Nov 10, 2020
Vulnerability Reserved
Oct 7, 2020

JSON

SAP

What is CVE-2020-26815?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.