CVE-2020-26820 is a vulnerability in SAP Netweaver Application Server Java

CVE-2020-26820 is a vulnerability in SAP Netweaver Application Server Java
Published on November 10, 2020

SAP NetWeaver AS JAVA, versions - 7.20, 7.30, 7.31, 7.40, 7.50, allows an attacker who is authenticated as an administrator to use the administrator console, to expose unauthenticated access to the file system and upload a malicious file. The attacker or another user can then use a separate mechanism to execute OS commands through the uploaded file leading to Privilege Escalation and completely compromise the confidentiality, integrity and availability of the server operating system and any application running on it.

Products Associated with CVE-2020-26820

Want to know whenever a new CVE is published for SAP Netweaver Application Server Java? stack.watch will email you.

Affected Versions

Version < 7.20 is affected.

Version < 7.30 is affected.

Version < 7.31 is affected.

Version < 7.40 is affected.

Version < 7.50 is affected.

Exploit Probability

EPSS

3.16%

Percentile

86.70%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-26820 is a vulnerability in SAP Netweaver Application Server JavaPublished on November 10, 2020

Products Associated with CVE-2020-26820

Affected Versions

Exploit Probability

CVE-2020-26820 is a vulnerability in SAP Netweaver Application Server Java
Published on November 10, 2020