CVE-2020-26838

CRITICAL | CVSS 9.1/10 | EPSS 2.15%

CVE-2020-26838 is a critical-severity vulnerability rated 9.1/10 on the CVSS scale. SAP Business Warehouse, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions 100, 200, allow an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands, leading to a Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it. EPSS estimates a 2.15% chance of exploitation in the next 30 days.

Description

SAP Business Warehouse, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions 100, 200, allow an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands, leading to a Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

Metrics

CVSS 3.1
9.1/10

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Probability
2.15%

79.8th percentile

Probability of exploitation in the next 30 days.

Weakness Enumeration

Affected Software

Vendor    Product               Versions
Sap       Business Warehouse    700
Sap       Business Warehouse    701
Sap       Business Warehouse    702
Sap       Business Warehouse    731
Sap       Business Warehouse    740
Sap       Business Warehouse    750
Sap       Business Warehouse    751
Sap       Business Warehouse    752
Sap       Business Warehouse    753
Sap       Business Warehouse    754
Sap       Business Warehouse    755
Sap       Business Warehouse    782
Sap       Bw/4hana              100
Sap       Bw/4hana              200

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2020-26838?
SAP Business Warehouse, versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions 100, 200, allow an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands, leading to a Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.
How severe is CVE-2020-26838?
CVE-2020-26838 has a CVSS score of 9.1/10 (CRITICAL severity). The EPSS model estimates a 2.15% probability of exploitation in the next 30 days.
How do I fix CVE-2020-26838?
Check the vendor references and advisories linked above for patched versions and mitigation guidance.

Source: NVD / NIST