CVE-2020-26829

Name of the Vulnerable Software and Affected Versions SAP NetWeaver AS JAVA (P2P Cluster Communication) versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50

Description The issue allows arbitrary connections from processes outside the cluster and even outside the network segment dedicated for internal cluster communication due to a missing authentication check. As a result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely.

Recommendations For SAP NetWeaver AS JAVA (P2P Cluster Communication) versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, update to a version that includes the fix for the missing authentication check in P2P Cluster Communication. At the moment, there is no information about a newer version that contains a fix for this vulnerability.