CVE-2020-26830
First published: Wed Dec 09 2020(Updated: )
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, does not perform necessary authorization checks for an authenticated user. Due to inadequate access control, a network attacker authenticated as a regular user can use operations which should be restricted to administrators. These operations can be used to Change the User Experience Monitoring configuration, obtain details about the configured SAP Solution Manager agents, Deploy a malicious User Experience Monitoring script.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Solution Manager | =7.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this SAP Solution Manager vulnerability?
The vulnerability ID for this SAP Solution Manager vulnerability is CVE-2020-26830.
What is the severity of CVE-2020-26830?
The severity of CVE-2020-26830 is high with a severity value of 8.1.
What is the affected version of SAP Solution Manager for this vulnerability?
The affected version of SAP Solution Manager for this vulnerability is 7.2.
What is the impact of this vulnerability?
This vulnerability allows a network attacker authenticated as a regular user to perform operations that should be restricted to administrators.
Are there any patches or fixes available for CVE-2020-26830?
Yes, SAP has released a patch for this vulnerability. Please refer to the SAP Note 2983204 for more information.
- collector/nvd-index
- vendor/sap
- canonical/sap solution manager
- version/sap solution manager/7.20