Unauthenticated Remote Code Execution in SAP Solution Manager (JAVA stack) 7.20 via SVG Converter Service

Unauthenticated Remote Code Execution in SAP Solution Manager (JAVA stack) 7.20 via SVG Converter Service

CVE-2020-26821 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:H/A:H

SAP Solution Manager (JAVA stack), version - 7.20, allows an unauthenticated attacker to compromise the system because of missing authorization checks in the SVG Converter Service, this has an impact to the integrity and availability of the service.

Learn more about our Web Application Penetration Testing UK.