PT-2020-16495 · Sap · Sap As Abap+1
Published: 2020-11-10 · Updated: 2022-07-01
CVE-2020-26808
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
SAP AS ABAP(DMIS) versions 2011 1 620 through 2020
SAP S4 HANA(DMIS) versions 101 through 105
Description
The issue allows an authenticated attacker to inject arbitrary code into a function module, which can then be executed in the application. This affects the confidentiality, integrity, and availability of the application.
Recommendations
For SAP AS ABAP(DMIS) versions 2011 1 620 through 2020, update to a version that includes the fix for this issue.
For SAP S4 HANA(DMIS) versions 101 through 105, update to a version that includes the fix for this issue.
As a temporary workaround, consider restricting access to the function module to minimize the risk of exploitation.
Affected Products
Sap As Abap
Sap S/4Hana