Lucene search

[email protected]NVD:CVE-2020-26824

HistoryNov 10, 2020 - 5:15 p.m.

CVE-2020-26824

2020-11-1017:15:14

CWE-306

[email protected]

web.nvd.nist.gov

sap solution manager

unauthenticated attacker

compromise risk

upgrade legacy ports service

integrity impact

availability impact

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Legacy Ports Service, this has an impact to the integrity and availability of the service.

Affected configurations

Nvd

Node

sapsolution_managerMatch7.20

VendorProductVersionCPE
sapsolution_manager7.20cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
sap	solution_manager	7.20	cpe:2.3:a:sap:solution_manager:7.20:::::::*

References

launchpad.support.sap.com/#/notes/2985866

wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

AI Score

9.6

Confidence

High

EPSS

0.001

Percentile

47.2%

JSON

Related for NVD:CVE-2020-26824

prion1 cve1 cvelist1