CVE-2020-26822

Published Nov 10, 2020

Last updated 3 years ago

Overview

Description
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Outside Discovery Configuration Service, this has an impact to the integrity and availability of the service.
Source
cna@sap.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
10
Impact score
5.8
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Severity
CRITICAL

CVSS 3.0

Type
Secondary
Base score
10
Impact score
5.8
Exploitability score
3.9
Vector string
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Severity
CRITICAL

CVSS 2.0

Type
Primary
Base score
6.4
Impact score
4.9
Exploitability score
10
Vector string
AV:N/AC:L/Au:N/C:N/I:P/A:P

Weaknesses

nvd@nist.gov
CWE-306

Social media

Hype score
Not currently trending

Configurations