Improper Access Control in SAP NetWeaver AS ABAP (Web Dynpro) Allows Unauthorized Access to Database Logfiles

Improper Access Control in SAP NetWeaver AS ABAP (Web Dynpro) Allows Unauthorized Access to Database Logfiles

CVE-2020-26819 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.

Learn more about our Web App Pen Testing.