PT-2020-16500 · SAP · SAP Fiori Launchpad

Published 2020-11-10 · Updated 2020-11-24 · CVE-2020-26815

CVSS v3.1: 8.6 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

SAP Fiori Launchpad (News tile Application) versions 750, 751, 752, 753, 754, 755

Description

The issue is a Server-Side Request Forgery (SSRF) vulnerability. It allows an unauthorized attacker to send a crafted request to the vulnerable web application, a technique typically used to target internal systems behind firewalls that are normally inaccessible from the external network. This results in the retrieval of sensitive or confidential resources that are otherwise restricted to internal use.

Recommendations

For versions 750, 751, 752, 753, 754 and 755, consider restricting access to the vulnerable web application to minimize the risk of exploitation. As a temporary workaround, consider disabling the News tile Application until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

SSRF


Weakness Enumeration

Related Identifiers

CVE-2020-26815

Affected Products

SAP Fiori Launchpad