CVE-2020-26832
Description
SAP AS ABAP (SAP Landscape Transformation), versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752 and 2020, and SAP S4 HANA (SAP Landscape Transformation), versions 101, 102, 103, 104 and 105, allow a high-privileged user to execute an RFC function module to which access should be restricted. Due to missing authorization, an attacker can gain access to some sensitive internal information of the vulnerable SAP system or make vulnerable SAP systems completely unavailable.
CVSS V3 Severity and Metrics
General Information
Vendors
Products
- netweaver application server abap 2011 1 620
- netweaver application server abap 2011 1 640
- netweaver application server abap 2011 1 700
- netweaver application server abap 2011 1 710
- netweaver application server abap 2011 1 730
- netweaver application server abap 2011 1 731
- netweaver application server abap 2011 1 752
- netweaver application server abap 2020
- s/4 hana 101
- s/4 hana 102
- s/4 hana 103
- s/4 hana 104
- s/4 hana 105