CVE-2020-26816
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.
SAP AS JAVA (Key Storage Service), versiones - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, posee el material de claves que es almacenado en el servicio SAP NetWeaver AS Java Key Storage almacenado en la base de datos en el formato codificado DER. y no está cifrado. Esto permite a un atacante que tiene acceso de administrador a SAP NetWeaver AS Java decodificar las claves debido a la falta de cifrado y obtener algunos datos de la aplicación y las credenciales de cliente de los sistemas adyacentes. Esto tiene un gran impacto en la confidencialidad, ya que la información divulgada podría contener credenciales de clientes de sistemas adyacentes
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-07 CVE Reserved
- 2020-12-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-312: Cleartext Storage of Sensitive Information
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 | 2021-07-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | 7.10 Search vendor "Sap" for product "Netweaver Application Server Java" and version "7.10" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | 7.11 Search vendor "Sap" for product "Netweaver Application Server Java" and version "7.11" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | 7.20 Search vendor "Sap" for product "Netweaver Application Server Java" and version "7.20" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | 7.30 Search vendor "Sap" for product "Netweaver Application Server Java" and version "7.30" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | 7.31 Search vendor "Sap" for product "Netweaver Application Server Java" and version "7.31" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | 7.40 Search vendor "Sap" for product "Netweaver Application Server Java" and version "7.40" | - |
Affected
| ||||||
| Sap Search vendor "Sap" | Netweaver Application Server Java Search vendor "Sap" for product "Netweaver Application Server Java" | 7.50 Search vendor "Sap" for product "Netweaver Application Server Java" and version "7.50" | - |
Affected
| ||||||