Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.2
CVSSv3

CVE-2020-26808

Published: 10/11/2020 Updated: 01/07/2022
CVSS v2 Base Score: 6.5 | Impact Score: 6.4 | Exploitability Score: 8
CVSS v3 Base Score: 7.2 | Impact Score: 5.9 | Exploitability Score: 1.2
VMScore: 578
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Subscribe to Sap S4 Hana\(dmis\)

Vulnerability Summary

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated malicious user to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sap sap s4 hana\\(dmis\\) 101

sap sap s4 hana\\(dmis\\) 102

sap sap s4 hana\\(dmis\\) 103

sap sap s4 hana\\(dmis\\) 104

sap sap s4 hana\\(dmis\\) 105

sap sap as abap\\(dmis\\) 2011_1_620

sap sap as abap\\(dmis\\) 2011_1_640

sap sap as abap\\(dmis\\) 2011_1_700

sap sap as abap\\(dmis\\) 2011_1_710

sap sap as abap\\(dmis\\) 2011_1_730

sap sap as abap\\(dmis\\) 2011_1_731

sap sap as abap\\(dmis\\) 2011_1_752

sap sap as abap\\(dmis\\) 2020

Exploits

Exploit DB: SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization
The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities Multiple SAP products are affected ...

References

NVD-CWE-noinfohttps://launchpad.support.sap.com/#/notes/2973735https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571http://seclists.org/fulldisclosure/2022/May/42http://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.htmlhttps://nvd.nist.govhttps://packetstormsecurity.com/files/167229/SAP-Application-Server-ABAP-ABAP-Platform-Code-Injection-SQL-Injection-Missing-Authorization.html
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook