CVE-2020-26815
moderate-risk
Published 2020-11-10
SAP Fiori Launchpad (News Tile Application), versions 750, 751, 752, 753, 754 and 755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. This is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network, in order to retrieve sensitive or confidential resources that are otherwise restricted to internal use only, resulting in a Server-Side Request Forgery vulnerability.
Do I need to act?
0.28% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.6/10
High
NETWORK / LOW complexity
Affected Products (6)
Fiori Launchpad (News Tile Application)
Fiori Launchpad (News Tile Application)
Fiori Launchpad (News Tile Application)
Fiori Launchpad (News Tile Application)
Fiori Launchpad (News Tile Application)
Fiori Launchpad (News Tile Application)
Affected Vendors
References (4)
Permissions Required
https://launchpad.support.sap.com/#/notes/2984627
43 / 100
moderate-risk
Severity
29/34 · Critical
Exploitability
1/34 · Minimal
Exposure
13/34 · Low