CVE-2020-26823
CRITICALSAP Solution Manager <7.20 - Privilege Escalation
Title source: llmDescription
SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the Upgrade Diagnostics Agent Connection Service, this has an impact to the integrity and availability of the service.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2985866
Scores
CVSS v3
10.0
EPSS
0.0037
EPSS Percentile
58.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (1)
sap/solution_manager
7.20
Published
Nov 10, 2020
Tracked Since
Feb 18, 2026