CVE-2020-26808

SAP Application Server ABAP / ABAP Platform Code Injection / SQL Injection / Missing Authorization

  • Severity Score (CVSS v3.1): 7.2
  • Exploit Likelihood (EPSS):
  • Affected Versions (CPE):
  • Public Exploits (Multiple Sources): 2
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

SAP AS ABAP (DMIS), versions 2011_1_620, 2011_1_640, 2011_1_700, 2011_1_710, 2011_1_730, 2011_1_731, 2011_1_752, 2020, and SAP S4 HANA (DMIS), versions 101, 102, 103, 104, 105, allow an authenticated attacker to inject arbitrary code into a function module, leading to code injection that can be executed in the application and that affects the confidentiality, availability and integrity of the application.

The SAP application server ABAP and ABAP Platform are susceptible to code injection, SQL injection, and missing authorization vulnerabilities. Multiple SAP products are affected.

*Credits: N/A
CVSS Scores
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: High
  • User Interaction: None
  • Scope: Changed
  • Confidentiality: High
  • Integrity: High
  • Availability: High

  • Attack Vector: Network
  • Attack Complexity: Low
  • Authentication: Single
  • Confidentiality: Partial
  • Integrity: Partial
  • Availability: Partial

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2020-10-07 CVE Reserved
  • 2020-11-10 CVE Published
  • 2024-07-28 EPSS Updated
  • 2024-08-04 CVE Updated
  • 2024-08-04 First Exploit
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status |
|--------|---------|---------|-------|--------|
| Sap | Sap As Abap(dmis) | 2011_1_620 | - | Affected |
| Sap | Sap As Abap(dmis) | 2011_1_640 | - | Affected |
| Sap | Sap As Abap(dmis) | 2011_1_700 | - | Affected |
| Sap | Sap As Abap(dmis) | 2011_1_710 | - | Affected |
| Sap | Sap As Abap(dmis) | 2011_1_730 | - | Affected |
| Sap | Sap As Abap(dmis) | 2011_1_731 | - | Affected |
| Sap | Sap As Abap(dmis) | 2011_1_752 | - | Affected |
| Sap | Sap As Abap(dmis) | 2020 | - | Affected |
| Sap | Sap S4 Hana(dmis) | 101 | - | Affected |
| Sap | Sap S4 Hana(dmis) | 102 | - | Affected |
| Sap | Sap S4 Hana(dmis) | 103 | - | Affected |
| Sap | Sap S4 Hana(dmis) | 104 | - | Affected |
| Sap | Sap S4 Hana(dmis) | 105 | - | Affected |