CVE-2020-26821

CRITICAL

10.0

CVSS 3.0

Description

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.

Metadata

CVE ID: CVE-2020-26821
State: PUBLISHED
Assigner: sap
Reserved: 2020-10-07 00:00 UTC
Published: 2020-11-10 16:17 UTC
Last updated: 2024-08-04 16:03 UTC
Vendor / Product: SAP SE / SAP Solution Manager (JAVA stack)
Sources: cve.org · NVD

Severity & Metrics

10.0 CRITICAL CVSS 3.0

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

Affected products (1)

Vendor	Product	Platform	Versions
SAP SE	SAP Solution Manager (JAVA stack)	—	< 7.20

Weakness (CWE)

CWE	Source	Description
—	cna	Missing Authorization

CVSS scores (1)

Score	Severity	Version	Source	Vector
10.0	CRITICAL	3.0	cna	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

References (2)

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
https://launchpad.support.sap.com/#/notes/2985866

Back to overview