Unrated severityNVD Advisory· Published Dec 9, 2020· Updated Aug 4, 2024

CVE-2020-26832

Description

SAP AS ABAP (SAP Landscape Transformation), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA (SAP Landscape Transformation), versions - 101, 102, 103, 104, 105, allows a high privileged user to execute a RFC function module to which access should be restricted, however due to missing authorization an attacker can get access to some sensitive internal information of vulnerable SAP system or to make vulnerable SAP systems completely unavailable.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

SAP/SAP AS ABAPllm-create
Range: 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020
SAP/Hanallm-fuzzy
Range: 101, 102, 103, 104, 105
SAP SE/SAP NetWeaver AS ABAP (SAP Landscape Transformation)v5
Range: < 2011_1_620
SAP SE/SAP S4 HANA (SAP Landscape Transformation)v5
Range: < 101

Patches

Vulnerability mechanics

References

packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.htmlmitrex_refsource_MISC
seclists.org/fulldisclosure/2022/May/42mitremailing-listx_refsource_FULLDISC
launchpad.support.sap.commitrex_refsource_MISC
wiki.scn.sap.com/wiki/pages/viewpage.actionmitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.002
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000