PT-2020-16516 · Sap · Sap As Abap +1

Alexander Meier +1 · Published 2020-12-09 · Updated 2022-10-05 · CVE-2020-26832

CVSS v3.1: 7.6 (High)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SAP AS ABAP (SAP Landscape Transformation) versions 2011 1 620 through 2020
SAP S4 HANA (SAP Landscape Transformation) versions 101 through 105

Description

The issue allows a highly privileged user to execute an RFC function module to which access should be restricted. Because of the missing authorization check, an attacker can gain access to some sensitive internal information of the vulnerable SAP system or make the vulnerable SAP system completely unavailable.

Recommendations

For SAP AS ABAP (SAP Landscape Transformation) versions 2011 1 620 through 2020, restrict access to the RFC function module to minimize the risk of exploitation. For SAP S4 HANA (SAP Landscape Transformation) versions 101 through 105, restrict access to the RFC function module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2020-26832

Affected Products

Sap As Abap
Sap S/4Hana