VDB
CVE-2020-26837
CVE-2020-26837
PUBLISHED
CVSS 8.5 HIGH
SAP Solution Manager 7.2 (User Experience Monitoring), version - 7.2, allows an authenticated user to upload a malicious script that can exploit an existing path traversal vulnerability to compromise confidentiality exposing elements of the file system, partially compromise integrity allowing the modification of some configurations and partially compromise availability by making certain services unavailable.
EPSS 0.56% · 68.6th percentile
Risk Scores
CVSS 3.0
8.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:L
EPSS Score
0.56%
68.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SAP SE | SAP Solution Manager (User Experience Monitoring) | < 7.20 |
| sap | solution_manager | 7.20 |
Exploit Intelligence
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 (circl)
- https://launchpad.support.sap.com/#/notes/2983204 (circl)
- 20210614 Onapsis Security Advisory 2021-0010: File exfiltration and DoS in SolMan End-User Experience Monitoring (circl)
- http://packetstormsecurity.com/files/163160/SAP-Solution-Manager-7.2-File-Disclosure-Denial-Of-Service.html (circl)
Timeline
- Dec 8, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 19, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 advisory
- https://launchpad.support.sap.com/#/notes/2983204 url
- 20210614 Onapsis Security Advisory 2021-0010: File exfiltration and DoS in SolMan End-User Experience Monitoring mailing-list
- http://packetstormsecurity.com/files/163160/SAP-Solution-Manager-7.2-File-Disclosure-Denial-Of-Service.html url
- https://nvd.nist.gov/vuln/detail/CVE-2020-26837 advisory