PT-2020-16521 · Sap · Sap Business Warehouse+1

Published: 2020-12-09 · Updated: 2020-12-11 · CVE-2020-26838

CVSS v3.1: 9.1 (Critical)

Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

SAP Business Warehouse versions 700 through 782
SAP BW4HANA versions 100 through 200

Description

The issue allows an attacker authenticated with high developer privileges to submit a crafted request that generates and executes code, without requiring any user interaction. This code injection can result in the execution of operating system commands and could completely compromise the confidentiality, integrity, and availability of the server and any data or other applications running on it.

Recommendations

For SAP Business Warehouse versions 700 through 782 and SAP BW4HANA versions 100 through 200, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting access to the system for users with high developer privileges until a patch is available.

Fix

OS Command Injection

Weakness Enumeration

Related Identifiers

CVE-2020-26838

Affected Products

Sap Bw/4Hana
Sap Business Warehouse