CVE-2020-26828
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet
SAP Disclosure Management, versión 10.1, proporciona capacidades para que usuarios autorizados carguen y descarguen contenido de un tipo de archivo específico. En algunos tipos de archivos es posible ingresar fórmulas que pueden llamar aplicaciones externas o ejecutar scripts. La ejecución de una carga útil (script) en la máquina objetivo podría ser usado para robar y modificar los datos disponibles en la hoja de cálculo
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-10-07 CVE Reserved
- 2020-12-09 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-04 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-434: Unrestricted Upload of File with Dangerous Type
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 | 2020-12-11 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Sap Search vendor "Sap" | Disclosure Management Search vendor "Sap" for product "Disclosure Management" | 10.1 Search vendor "Sap" for product "Disclosure Management" and version "10.1" | - |
Affected
| ||||||