Authorization Bypass in SAP AS ABAP and S4 HANA Products by SAP
CVE-2020-26832
7.6 HIGH
Key Information:
- Vendor: SAP
- Status
- Vendor
- CVE Published: 9 December 2020
What is CVE-2020-26832?
This vulnerability in SAP AS ABAP and SAP S4 HANA permits highly privileged users to execute Remote Function Call (RFC) function modules without the necessary authorization, potentially exposing sensitive internal information or rendering the affected SAP systems inoperable. Attackers can exploit this flaw to bypass access controls, resulting in unauthorized data exposure and service disruption.
Affected Version(s)
SAP NetWeaver AS ABAP (SAP Landscape Transformation) < 2011_1_620
SAP NetWeaver AS ABAP (SAP Landscape Transformation) < 2011_1_640
SAP NetWeaver AS ABAP (SAP Landscape Transformation) < 2011_1_700