Server-Side Request Forgery in SAP Fiori Launchpad by SAP
CVE-2020-26815
8.6 HIGH
Key Information:
- Vendor: SAP
- CVE Published: 10 November 2020
What is CVE-2020-26815?
SAP Fiori Launchpad, specifically its News tile Application, is susceptible to Server-Side Request Forgery (SSRF). This vulnerability allows an unauthorized attacker to craft requests that target internal systems, which are typically shielded behind firewalls, and thereby gain unauthorized access to sensitive or confidential resources. Such exploitation weakens the security posture of the application and exposes restricted internal resources.
Affected Version(s)
SAP Fiori Launchpad (News Tile Application) < 750
SAP Fiori Launchpad (News Tile Application) < 751
SAP Fiori Launchpad (News Tile Application) < 752