CVE-2020-26826: Malicious File Upload
First published: Wed Dec 09 2020(Updated: )
Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Application Server Java | =7.31 | |
| SAP NetWeaver Application Server Java | =7.40 | |
| SAP NetWeaver Application Server Java | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this security vulnerability?
The vulnerability ID is CVE-2020-26826.
What is the title of this security vulnerability?
The title of this security vulnerability is 'Process Integration Monitoring of SAP NetWeaver AS JAVA versions - 7.31 7.40 7.50 allows an attacker…'
What is the severity of CVE-2020-26826?
The severity of CVE-2020-26826 is medium.
Which versions of SAP NetWeaver AS JAVA are affected by CVE-2020-26826?
CVE-2020-26826 affects SAP NetWeaver AS JAVA versions 7.31, 7.40, and 7.50.
How does CVE-2020-26826 work?
CVE-2020-26826 allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap netweaver application server java
- version/sap netweaver application server java/7.31
- version/sap netweaver application server java/7.40
- version/sap netweaver application server java/7.50