SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/2971954 | Permissions Required Vendor Advisory |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
05 Oct 2022, 14:16
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Sap netweaver Application Server Abap
|
|
| CPE | cpe:2.3:a:sap:netweaver_as_abap:731:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:753:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:750:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:740:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:754:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:752:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:755:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_as_abap:751:*:*:*:*:*:*:* |
cpe:2.3:a:sap:netweaver_application_server_abap:731:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:755:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:754:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:782:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:753:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:750:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:751:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:740:*:*:*:*:*:*:* cpe:2.3:a:sap:netweaver_application_server_abap:752:*:*:*:*:*:*:* |
| CWE | CWE-862 |
Information
Published : 2020-11-10 17:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-26818
Mitre link : CVE-2020-26818
CVE.ORG link : CVE-2020-26818
JSON object : View
Products Affected
sap
- netweaver_application_server_abap
CWE
CWE-862
Missing Authorization