CVE-2020-26821 CRITICAL

CVE-2020-26821

Vendor Sap Se
Product SAP Solution Manager (JAVA stack)
Published November 10, 2020
Last update August 4, 2024

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

What the vulnerability does

01Description

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.

Key dates

02Disclosure timeline

November 10, 2020 CVE published
August 4, 2024 Record updated