VDB
CVE-2020-26836
CVE-2020-26836
PUBLISHED
CVSS 3.4000000953674316 LOW
SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.
EPSS 8.03% · 92.3th percentile
Risk Scores
CVSS 3.0
3.4000000953674316
CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N
EPSS Score
8.03%
92.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| sap | solution_manager | 7.20 |
| SAP SE | SAP Solution Manager (Trace Analysis) | < 720 |
Exploit Intelligence
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- (crowdsec)
- CIRCL seen: CVE-2020-26836 (circl-sighting)
…and 43 more exploits
Timeline
- Dec 8, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Jun 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jun 3, 2022 CrowdSec Sighting
- Sep 4, 2022 EPSS Score
- Oct 17, 2022 CrowdSec Sighting
- Nov 6, 2022 EPSS Score
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 advisory
- https://launchpad.support.sap.com/#/notes/2938650 url
- 20210614 Onapsis Security Advisory 2021-0005: SAP Solution Manager Open Redirect from Trace Analysis mailing-list
- http://packetstormsecurity.com/files/163136/SAP-Solution-Manager-7.2-ST-720-Open-Redirection.html url
- https://nvd.nist.gov/vuln/detail/CVE-2020-26836 advisory