CVE-2020-26828

Name of the Vulnerable Software and Affected Versions SAP Disclosure Management version 10.1

Description The issue allows authorized users to upload and download specific file types, some of which can contain formulas that call external applications or execute scripts. This could lead to the execution of a payload on the target machine, potentially resulting in data theft or modification within the spreadsheet.

Recommendations For SAP Disclosure Management version 10.1, consider restricting the upload and download of file types that can contain executable formulas or scripts until a fix is available. As a temporary workaround, limiting access to sensitive data within the spreadsheet can help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.