Vulnerability Details : CVE-2020-26823
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.
Products affected by CVE-2020-26823
- cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-26823
0.12%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-26823
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.4
|
MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:P |
10.0
|
4.9
|
NIST | |
10.0
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H |
3.9
|
5.8
|
SAP SE | |
10.0
|
CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H |
3.9
|
5.8
|
NIST |
CWE ids for CVE-2020-26823
-
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-26823
-
https://launchpad.support.sap.com/#/notes/2985866
SAP ONE Support Launchpad: Log OnPermissions Required;Vendor Advisory
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
SAP Security Patch Day – November 2020 - Product Security Response at SAP - Community WikiVendor Advisory
Jump to