CVE-2020-26820

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS JAVA versions 7.20, 7.30, 7.31, 7.40, 7.50

Description The issue allows an attacker who is authenticated as an administrator to use the administrator console to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file, leading to Privilege Escalation and completely compromising the confidentiality, integrity, and availability of the server operating system and any application running on it.

Recommendations For SAP NetWeaver AS JAVA versions 7.20, 7.30, 7.31, 7.40, 7.50, update to a version that includes the fix for this issue to prevent exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.