CVE-2020-26823

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sap:solution_manager:7.20:*:*:*:*:*:*:*

History

21 Nov 2024, 05:20

Type Values Removed Values Added
References () https://launchpad.support.sap.com/#/notes/2985866 - Permissions Required, Vendor Advisory () https://launchpad.support.sap.com/#/notes/2985866 - Permissions Required, Vendor Advisory
References () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 - Vendor Advisory () https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 - Vendor Advisory

Information

Published : 2020-11-10 17:15

Updated : 2024-11-21 05:20


NVD link : CVE-2020-26823

Mitre link : CVE-2020-26823

CVE.ORG link : CVE-2020-26823


JSON object : View

Products Affected

sap

  • solution_manager
CWE
CWE-306

Missing Authentication for Critical Function