CVE-2020-26838: OS Command Injection
First published: Wed Dec 09 2020(Updated: )
SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Business Warehouse | =700 | |
| SAP Business Warehouse | =701 | |
| SAP Business Warehouse | =702 | |
| SAP Business Warehouse | =731 | |
| SAP Business Warehouse | =740 | |
| SAP Business Warehouse | =750 | |
| SAP Business Warehouse | =751 | |
| SAP Business Warehouse | =752 | |
| SAP Business Warehouse | =753 | |
| SAP Business Warehouse | =754 | |
| SAP Business Warehouse | =755 | |
| SAP Business Warehouse | =782 | |
| Sap Bw\/4hana | =100 | |
| Sap Bw\/4hana | =200 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2020-26838?
CVE-2020-26838 is a vulnerability in SAP Business Warehouse and SAP BW4HANA that allows an attacker with high developer privileges to execute code without user interaction.
Which software versions are affected by CVE-2020-26838?
CVE-2020-26838 affects SAP Business Warehouse versions 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA versions 100, 200.
What is the severity of CVE-2020-26838?
CVE-2020-26838 has a severity rating of 9.1 (critical).
How can an attacker exploit CVE-2020-26838?
An attacker with high developer privileges can exploit CVE-2020-26838 by submitting a crafted request to generate and execute code without requiring any user interaction.
How can I fix CVE-2020-26838?
To fix CVE-2020-26838, apply the necessary security patches provided by SAP and follow their recommended mitigation steps.
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/tags
- agent/type
- agent/event
- agent/description
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/nvd-index
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap business warehouse
- version/sap business warehouse/700
- version/sap business warehouse/701
- version/sap business warehouse/702
- version/sap business warehouse/731
- version/sap business warehouse/740
- version/sap business warehouse/750
- version/sap business warehouse/751
- version/sap business warehouse/752
- version/sap business warehouse/753
- version/sap business warehouse/754
- version/sap business warehouse/755
- version/sap business warehouse/782
- canonical/sap bw\/4hana
- version/sap bw\/4hana/100
- version/sap bw\/4hana/200