cnvd - cnvd-2020-74928

cnvd-2020-74928

Vulnerability from cnvd

Title: SAP Business Warehouse和SAP BW4HANA操作系统命令注入漏洞

Description:

SAP Business Warehouse（BW）是SAP的数据仓库解决方案。SAP BW提供了高性能的基础架构，可帮助您评估和解释数据。决策者可以根据分析的数据做出有根据的决策，并确定针对目标的活动。

SAP Business Warehouse 700、701、702、731、740、750、751、752、753、754、755、782和SAP BW4HANA 100、200版本存在操作系统命令注入漏洞。经过身份认证的攻击者可通过提交特制的可导致代码注入的请求利用该漏洞危害服务器及其上运行的任何数据或影响其他应用程序的机密性、完整性和可用性。

Severity: 高

Patch Name: SAP Business Warehouse和SAP BW4HANA操作系统命令注入漏洞的补丁

Patch Description:

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-26838

Impacted products

Name
['SAP SAP Business Warehouse 700', 'SAP SAP Business Warehouse 701', 'SAP SAP Business Warehouse 702', 'SAP SAP Business Warehouse 731', 'SAP SAP Business Warehouse 740', 'SAP SAP Business Warehouse 750', 'SAP SAP Business Warehouse 751', 'SAP SAP Business Warehouse 752', 'SAP SAP Business Warehouse 753', 'SAP SAP Business Warehouse 754', 'SAP SAP Business Warehouse 755', 'SAP SAP Business Warehouse 782', 'SAP BW4HANA 100', 'SAP BW4HANA 200']

Name

['SAP SAP Business Warehouse 700', 'SAP SAP Business Warehouse 701', 'SAP SAP Business Warehouse 702', 'SAP SAP Business Warehouse 731', 'SAP SAP Business Warehouse 740', 'SAP SAP Business Warehouse 750', 'SAP SAP Business Warehouse 751', 'SAP SAP Business Warehouse 752', 'SAP SAP Business Warehouse 753', 'SAP SAP Business Warehouse 754', 'SAP SAP Business Warehouse 755', 'SAP SAP Business Warehouse 782', 'SAP BW4HANA 100', 'SAP BW4HANA 200']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26838",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26838"
    }
  },
  "description": "SAP Business Warehouse\uff08BW\uff09\u662fSAP\u7684\u6570\u636e\u4ed3\u5e93\u89e3\u51b3\u65b9\u6848\u3002SAP BW\u63d0\u4f9b\u4e86\u9ad8\u6027\u80fd\u7684\u57fa\u7840\u67b6\u6784\uff0c\u53ef\u5e2e\u52a9\u60a8\u8bc4\u4f30\u548c\u89e3\u91ca\u6570\u636e\u3002\u51b3\u7b56\u8005\u53ef\u4ee5\u6839\u636e\u5206\u6790\u7684\u6570\u636e\u505a\u51fa\u6709\u6839\u636e\u7684\u51b3\u7b56\uff0c\u5e76\u786e\u5b9a\u9488\u5bf9\u76ee\u6807\u7684\u6d3b\u52a8\u3002\n\nSAP Business Warehouse 700\u3001701\u3001702\u3001731\u3001740\u3001750\u3001751\u3001752\u3001753\u3001754\u3001755\u3001782\u548cSAP BW4HANA 100\u3001200\u7248\u672c\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u7ecf\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684\u53ef\u5bfc\u81f4\u4ee3\u7801\u6ce8\u5165\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5371\u5bb3\u670d\u52a1\u5668\u53ca\u5176\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u6570\u636e\u6216\u5f71\u54cd\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-74928",
  "openTime": "2020-12-29",
  "patchDescription": "SAP Business Warehouse\uff08BW\uff09\u662fSAP\u7684\u6570\u636e\u4ed3\u5e93\u89e3\u51b3\u65b9\u6848\u3002SAP BW\u63d0\u4f9b\u4e86\u9ad8\u6027\u80fd\u7684\u57fa\u7840\u67b6\u6784\uff0c\u53ef\u5e2e\u52a9\u60a8\u8bc4\u4f30\u548c\u89e3\u91ca\u6570\u636e\u3002\u51b3\u7b56\u8005\u53ef\u4ee5\u6839\u636e\u5206\u6790\u7684\u6570\u636e\u505a\u51fa\u6709\u6839\u636e\u7684\u51b3\u7b56\uff0c\u5e76\u786e\u5b9a\u9488\u5bf9\u76ee\u6807\u7684\u6d3b\u52a8\u3002\r\n\r\nSAP Business Warehouse 700\u3001701\u3001702\u3001731\u3001740\u3001750\u3001751\u3001752\u3001753\u3001754\u3001755\u3001782\u548cSAP BW4HANA 100\u3001200\u7248\u672c\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u7ecf\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684\u53ef\u5bfc\u81f4\u4ee3\u7801\u6ce8\u5165\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5371\u5bb3\u670d\u52a1\u5668\u53ca\u5176\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u6570\u636e\u6216\u5f71\u54cd\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Business Warehouse\u548cSAP BW4HANA\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP Business Warehouse 700",
      "SAP SAP Business Warehouse 701",
      "SAP SAP Business Warehouse 702",
      "SAP SAP Business Warehouse 731",
      "SAP SAP Business Warehouse 740",
      "SAP SAP Business Warehouse 750",
      "SAP SAP Business Warehouse 751",
      "SAP SAP Business Warehouse 752",
      "SAP SAP Business Warehouse 753",
      "SAP SAP Business Warehouse 754",
      "SAP SAP Business Warehouse 755",
      "SAP SAP Business Warehouse 782",
      "SAP BW4HANA 100",
      "SAP BW4HANA 200"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-26838",
  "serverity": "\u9ad8",
  "submitTime": "2020-12-11",
  "title": "SAP Business Warehouse\u548cSAP BW4HANA\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-26838 (GCVE-0-2020-26838)

Vulnerability from cvelistv5

Published

2020-12-09 16:31

Modified

2024-08-04 16:03

Severity ?

9.1 (Critical) - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

Code Injection

Summary

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

References

▼	URL	Tags
	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2983367	x_refsource_MISC

Impacted products

Vendor

Product

Version

▼

SAP SE

SAP Business Warehouse

Version: < 700
Version: < 701
Version: < 702
Version: < 731
Version: < 740
Version: < 750
Version: < 751
Version: < 752
Version: < 753
Version: < 754
Version: < 755
Version: < 782

SAP SE

SAP BW4HANA

Version: < 100
Version: < 200

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:03:22.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2983367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Business Warehouse",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 700"
            },
            {
              "status": "affected",
              "version": "\u003c 701"
            },
            {
              "status": "affected",
              "version": "\u003c 702"
            },
            {
              "status": "affected",
              "version": "\u003c 731"
            },
            {
              "status": "affected",
              "version": "\u003c 740"
            },
            {
              "status": "affected",
              "version": "\u003c 750"
            },
            {
              "status": "affected",
              "version": "\u003c 751"
            },
            {
              "status": "affected",
              "version": "\u003c 752"
            },
            {
              "status": "affected",
              "version": "\u003c 753"
            },
            {
              "status": "affected",
              "version": "\u003c 754"
            },
            {
              "status": "affected",
              "version": "\u003c 755"
            },
            {
              "status": "affected",
              "version": "\u003c 782"
            }
          ]
        },
        {
          "product": "SAP BW4HANA",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 100"
            },
            {
              "status": "affected",
              "version": "\u003c 200"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-09T16:31:14",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2983367"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-26838",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Business Warehouse",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "700"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "701"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "702"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "731"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "740"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "750"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "751"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "752"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "753"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "754"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "755"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "782"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP BW4HANA",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "100"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "200"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2983367",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2983367"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-26838",
    "datePublished": "2020-12-09T16:31:14",
    "dateReserved": "2020-10-07T00:00:00",
    "dateUpdated": "2024-08-04T16:03:22.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted