Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-26828

SAP Disclosure Management, version - 10.1, provides capabilities for authorized users to upload and download content of specific file type. In some file types it is possible to enter formulas which can call external applications or execute scripts. The execution of a payload (script) on target machine could be used to steal and modify the data available in the spreadsheet

Published

2020-12-09T17:15:30.977

Last Modified

2024-11-21T05:20:21.353

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.4 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

4.9

Weaknesses

Type: Primary
CWE-434

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	sap	disclosure_management	10.1	Yes

References

https://launchpad.support.sap.com/#/notes/2971180 Permissions Required ([email protected])
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 Vendor Advisory ([email protected])
https://launchpad.support.sap.com/#/notes/2971180 Permissions Required (af854a3a-2127-422b-91ae-364da2661108)
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)