CVE-2020-26836 LOW

CVE-2020-26836

Vendor Sap Se
Product SAP Solution Manager (Trace Analysis)
Published December 9, 2020
Last update August 4, 2024

CVSS base score

3.4/10
Attack vector Network
Attack complexity High
Privileges required None
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:N/A:N

What the vulnerability does

01Description

SAP Solution Manager (Trace Analysis), version - 720, allows for misuse of a parameter in the application URL leading to Open Redirect vulnerability, an attacker can enter a link to malicious site which could trick the user to enter credentials or download malicious software, as a parameter in the application URL and share it with the end user who could potentially become a victim of the attack.

Key dates

02Disclosure timeline

December 9, 2020 CVE published
August 4, 2024 Record updated