CVE Vulnerabilities

CVE-2020-26808

Published: Nov 10, 2020 | Modified: Jul 01, 2022
CVSS 3.x
7.2
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

SAP AS ABAP(DMIS), versions - 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020 and SAP S4 HANA(DMIS), versions - 101, 102, 103, 104, 105, allows an authenticated attacker to inject arbitrary code into function module leading to code injection that can be executed in the application which affects the confidentiality, availability and integrity of the application.

Affected Software

Name Vendor Start Version End Version
Sap_as_abap(dmis) Sap 2011_1_620 (including) 2011_1_620 (including)
Sap_as_abap(dmis) Sap 2011_1_640 (including) 2011_1_640 (including)
Sap_as_abap(dmis) Sap 2011_1_700 (including) 2011_1_700 (including)
Sap_as_abap(dmis) Sap 2011_1_710 (including) 2011_1_710 (including)
Sap_as_abap(dmis) Sap 2011_1_730 (including) 2011_1_730 (including)
Sap_as_abap(dmis) Sap 2011_1_731 (including) 2011_1_731 (including)
Sap_as_abap(dmis) Sap 2011_1_752 (including) 2011_1_752 (including)
Sap_as_abap(dmis) Sap 2020 (including) 2020 (including)
Sap_s4_hana(dmis) Sap 101 (including) 101 (including)
Sap_s4_hana(dmis) Sap 102 (including) 102 (including)
Sap_s4_hana(dmis) Sap 103 (including) 103 (including)
Sap_s4_hana(dmis) Sap 104 (including) 104 (including)
Sap_s4_hana(dmis) Sap 105 (including) 105 (including)

References