PT-2020-16520 · SAP · SAP Solution Manager

Gonzalo Roisman +1 · Published 2020-12-09 · Updated 2021-06-17 · CVE-2020-26837

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2

Description

The issue allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability. This can compromise confidentiality by exposing elements of the file system, partially compromise integrity by allowing the modification of some configurations, and partially compromise availability by making certain services unavailable.

Recommendations

For SAP Solution Manager 7.2 (User Experience Monitoring) version 7.2, consider restricting the upload of scripts to prevent exploitation of the path traversal vulnerability until a patch is available. As a temporary workaround, limit access to sensitive configurations and services to minimize the risk of modification or unavailability. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2020-26837

Affected Products

SAP Solution Manager