CVE Vulnerability

CVE-2020-26823

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.

6.4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 4.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

10 /10

CVSS v3.0 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 5.8

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://launchpad.support.sap.com/#/notes/2985866 Permissions Required Vendor Advisory
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*
Information

Published : 2020-11-10 05:15

Updated : 2021-07-21 11:39

NVD link : CVE-2020-26823

Mitre link : CVE-2020-26823

Products Affected
No products.
CWE
CWE-306