← Back to CVEs
CVE-2020-26821
CRITICAL10.0
Description
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.
CVE Details
CVSS v3.1 Score10.0
SeverityCRITICAL
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredNONE
User InteractionNONE
Published11/10/2020
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
sap:solution_manager
Weaknesses (CWE)
CWE-306
References
https://launchpad.support.sap.com/#/notes/2985866(cna@sap.com)
https://launchpad.support.sap.com/#/notes/2985866(af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.