CVE-2020-26826 — Vulnetix

CVE-2020-26826 PUBLISHED CVSS 6.5 MEDIUM

Process Integration Monitoring of SAP NetWeaver AS JAVA, versions - 7.31, 7.40, 7.50, allows an attacker to upload any file (including script files) without proper file format validation, leading to Unrestricted File Upload.

EPSS 0.45% · 63.8th percentile

Risk Scores

CVSS v3.0

6.5

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

EPSS Score

0.45%

63.8th percentile

Affected Products

Vendor	Product	Versions
SAP SE	SAP NetWeaver AS JAVA	< 7.31, < 7.40, < 7.50
sap	netweaver_application_server_java	7.31, 7.50, 7.40

Timeline

Dec 8, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Aug 24, 2021 EPSS Score
Oct 25, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Feb 27, 2022 EPSS Score
Apr 1, 2022 EPSS Score
May 1, 2022 EPSS Score
Jul 2, 2022 EPSS Score
Sep 4, 2022 EPSS Score

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 advisory
https://launchpad.support.sap.com/#/notes/2974330 url
https://nvd.nist.gov/vuln/detail/CVE-2020-26826 advisory

Open in Interactive Console →