CVE-2020-26816 is a vulnerability in SAP Netweaver Application Server Java

CVE-2020-26816 is a vulnerability in SAP Netweaver Application Server Java
Published on December 9, 2020

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.

Products Associated with CVE-2020-26816

Want to know whenever a new CVE is published for SAP Netweaver Application Server Java? stack.watch will email you.

Affected Versions

Version < 7.10 is affected.

Version < 7.11 is affected.

Version < 7.20 is affected.

Version < 7.30 is affected.

Version < 7.31 is affected.

Version < 7.40 is affected.

Version < 7.50 is affected.

Exploit Probability

EPSS

0.02%

Percentile

4.98%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-26816 is a vulnerability in SAP Netweaver Application Server JavaPublished on December 9, 2020

Products Associated with CVE-2020-26816

Affected Versions

Exploit Probability

CVE-2020-26816 is a vulnerability in SAP Netweaver Application Server Java
Published on December 9, 2020