CVE-2020-26837: Path Traversal
First published: Wed Dec 09 2020(Updated: )
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Solution Manager | =7.20 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-26837?
The severity of CVE-2020-26837 is critical, with a severity value of 9.1.
How does CVE-2020-26837 impact SAP Solution Manager 7.2?
CVE-2020-26837 allows an authenticated user to upload a malicious script that can exploit a path traversal vulnerability, compromising confidentiality and partially compromising integrity.
What versions of SAP Solution Manager are affected by CVE-2020-26837?
SAP Solution Manager version 7.2 is affected by CVE-2020-26837.
How can CVE-2020-26837 be exploited?
An authenticated user can upload a malicious script to exploit the path traversal vulnerability in SAP Solution Manager 7.2.
Are there any patches or fixes available for CVE-2020-26837?
Yes, SAP has released a note with a fix for CVE-2020-26837. Please refer to the SAP Support Portal for more information.
- collector/nvd-index
- agent/severity
- agent/weakness
- agent/references
- agent/author
- agent/description
- agent/type
- agent/event
- agent/softwarecombine
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap solution manager
- version/sap solution manager/7.20