CVE-2020-26815
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
10/11/2020
Last modified:
24/11/2020
Description
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.
Impact
Base Score 3.x
8.60
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):750:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):751:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):752:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):753:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):754:*:*:*:*:*:*:* | ||
| cpe:2.3:a:sap:fiori_launchpad_\(news_tile_application\):755:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page