CVE-2020-26819 | Vulnerability Database | Aqua Security

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

Affected Software

Name	Vendor	Start Version	End Version
Netweaver_application_server_abap	Sap	731 (including)	731 (including)
Netweaver_application_server_abap	Sap	740 (including)	740 (including)
Netweaver_application_server_abap	Sap	750 (including)	750 (including)
Netweaver_application_server_abap	Sap	751 (including)	751 (including)
Netweaver_application_server_abap	Sap	752 (including)	752 (including)
Netweaver_application_server_abap	Sap	753 (including)	753 (including)
Netweaver_application_server_abap	Sap	754 (including)	754 (including)
Netweaver_application_server_abap	Sap	755 (including)	755 (including)
Netweaver_application_server_abap	Sap	782 (including)	782 (including)

References

https://launchpad.support.sap.com/#/notes/2971954
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
https://launchpad.support.sap.com/#/notes/2971954
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-26819
CWE	https://cwe.mitre.org/data/definitions/.html