Code Injection Vulnerability in SAP Business Warehouse Affecting Multiple Versions
CVE-2020-26838

9.1 CRITICAL

Key Information:

Vendor: SAP

CVE Published: 9 December 2020

What is CVE-2020-26838?

An authenticated attacker with elevated developer privileges in SAP Business Warehouse can exploit a vulnerability to craft requests that execute arbitrary operating system commands. This code injection flaw poses significant risks, compromising the confidentiality, integrity, and availability of the affected server and all data and applications running on it. Organizations need to be aware of this vulnerability and take appropriate measures to mitigate potential security breaches.

Affected Version(s)

SAP Business Warehouse < 700

SAP Business Warehouse < 701

SAP Business Warehouse < 702

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
