Code Injection Vulnerability in SAP Business Warehouse Affecting Multiple Versions
CVE-2020-26838

9.1CRITICAL

Key Information:

Vendor
SAP
Status
SAP Business Warehouse
SAP Bw4hana
Vendor
CVE Published:
9 December 2020

Summary

An authenticated attacker with elevated developer privileges in SAP Business Warehouse can exploit a vulnerability to craft requests that execute arbitrary Operating System commands. This code injection flaw poses significant risks, compromising the confidentiality, integrity, and availability of the affected server and all data and applications running on it. Organizations need to be aware of this vulnerability and take appropriate measures to mitigate potential security breaches.

Affected Version(s)

SAP Business Warehouse < 700 < 700

SAP Business Warehouse < 701 < 701

SAP Business Warehouse < 702 < 702

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2983367
x_refsource_MISC

CVSS V3.1

Score:
9.1
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
🍪 This website uses cookies, like every other website on the internet 😕 By using our website, you consent to the use of cookies.