Unrated severityNVD Advisory· Published Nov 10, 2020· Updated Aug 4, 2024

CVE-2020-26808

Description

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

SAP/AS ABAP(DMIS)llm-create
Range: 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
SAP/S4 HANA(DMIS)llm-create
Range: 101, 102, 103, 104, 105
SAP SE/SAP AS ABAP(DMIS)v5
Range: < 2011_1_620
SAP SE/SAP S4 HANA(DMIS)v5
Range: < 101

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.htmlmitrex_refsource_MISC
seclists.org/fulldisclosure/2022/May/42mitremailing-listx_refsource_FULLDISC
launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000