cnvd - cnvd-2020-74928

CNVD-2020-74928

Vulnerability from cnvd - Published: 2020-12-29

Title

SAP Business Warehouse和SAP BW4HANA操作系统命令注入漏洞

Description

SAP Business Warehouse（BW）是SAP的数据仓库解决方案。SAP BW提供了高性能的基础架构，可帮助您评估和解释数据。决策者可以根据分析的数据做出有根据的决策，并确定针对目标的活动。 SAP Business Warehouse 700、701、702、731、740、750、751、752、753、754、755、782和SAP BW4HANA 100、200版本存在操作系统命令注入漏洞。经过身份认证的攻击者可通过提交特制的可导致代码注入的请求利用该漏洞危害服务器及其上运行的任何数据或影响其他应用程序的机密性、完整性和可用性。

Severity

高

Patch Name

SAP Business Warehouse和SAP BW4HANA操作系统命令注入漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-26838

Impacted products

Name
['SAP SAP Business Warehouse 700', 'SAP SAP Business Warehouse 701', 'SAP SAP Business Warehouse 702', 'SAP SAP Business Warehouse 731', 'SAP SAP Business Warehouse 740', 'SAP SAP Business Warehouse 750', 'SAP SAP Business Warehouse 751', 'SAP SAP Business Warehouse 752', 'SAP SAP Business Warehouse 753', 'SAP SAP Business Warehouse 754', 'SAP SAP Business Warehouse 755', 'SAP SAP Business Warehouse 782', 'SAP BW4HANA 100', 'SAP BW4HANA 200']

Name

['SAP SAP Business Warehouse 700', 'SAP SAP Business Warehouse 701', 'SAP SAP Business Warehouse 702', 'SAP SAP Business Warehouse 731', 'SAP SAP Business Warehouse 740', 'SAP SAP Business Warehouse 750', 'SAP SAP Business Warehouse 751', 'SAP SAP Business Warehouse 752', 'SAP SAP Business Warehouse 753', 'SAP SAP Business Warehouse 754', 'SAP SAP Business Warehouse 755', 'SAP SAP Business Warehouse 782', 'SAP BW4HANA 100', 'SAP BW4HANA 200']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-26838",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-26838"
    }
  },
  "description": "SAP Business Warehouse\uff08BW\uff09\u662fSAP\u7684\u6570\u636e\u4ed3\u5e93\u89e3\u51b3\u65b9\u6848\u3002SAP BW\u63d0\u4f9b\u4e86\u9ad8\u6027\u80fd\u7684\u57fa\u7840\u67b6\u6784\uff0c\u53ef\u5e2e\u52a9\u60a8\u8bc4\u4f30\u548c\u89e3\u91ca\u6570\u636e\u3002\u51b3\u7b56\u8005\u53ef\u4ee5\u6839\u636e\u5206\u6790\u7684\u6570\u636e\u505a\u51fa\u6709\u6839\u636e\u7684\u51b3\u7b56\uff0c\u5e76\u786e\u5b9a\u9488\u5bf9\u76ee\u6807\u7684\u6d3b\u52a8\u3002\n\nSAP Business Warehouse 700\u3001701\u3001702\u3001731\u3001740\u3001750\u3001751\u3001752\u3001753\u3001754\u3001755\u3001782\u548cSAP BW4HANA 100\u3001200\u7248\u672c\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u7ecf\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684\u53ef\u5bfc\u81f4\u4ee3\u7801\u6ce8\u5165\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5371\u5bb3\u670d\u52a1\u5668\u53ca\u5176\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u6570\u636e\u6216\u5f71\u54cd\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-74928",
  "openTime": "2020-12-29",
  "patchDescription": "SAP Business Warehouse\uff08BW\uff09\u662fSAP\u7684\u6570\u636e\u4ed3\u5e93\u89e3\u51b3\u65b9\u6848\u3002SAP BW\u63d0\u4f9b\u4e86\u9ad8\u6027\u80fd\u7684\u57fa\u7840\u67b6\u6784\uff0c\u53ef\u5e2e\u52a9\u60a8\u8bc4\u4f30\u548c\u89e3\u91ca\u6570\u636e\u3002\u51b3\u7b56\u8005\u53ef\u4ee5\u6839\u636e\u5206\u6790\u7684\u6570\u636e\u505a\u51fa\u6709\u6839\u636e\u7684\u51b3\u7b56\uff0c\u5e76\u786e\u5b9a\u9488\u5bf9\u76ee\u6807\u7684\u6d3b\u52a8\u3002\r\n\r\nSAP Business Warehouse 700\u3001701\u3001702\u3001731\u3001740\u3001750\u3001751\u3001752\u3001753\u3001754\u3001755\u3001782\u548cSAP BW4HANA 100\u3001200\u7248\u672c\u5b58\u5728\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u3002\u7ecf\u8fc7\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u63d0\u4ea4\u7279\u5236\u7684\u53ef\u5bfc\u81f4\u4ee3\u7801\u6ce8\u5165\u7684\u8bf7\u6c42\u5229\u7528\u8be5\u6f0f\u6d1e\u5371\u5bb3\u670d\u52a1\u5668\u53ca\u5176\u4e0a\u8fd0\u884c\u7684\u4efb\u4f55\u6570\u636e\u6216\u5f71\u54cd\u5176\u4ed6\u5e94\u7528\u7a0b\u5e8f\u7684\u673a\u5bc6\u6027\u3001\u5b8c\u6574\u6027\u548c\u53ef\u7528\u6027\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP Business Warehouse\u548cSAP BW4HANA\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP Business Warehouse 700",
      "SAP SAP Business Warehouse 701",
      "SAP SAP Business Warehouse 702",
      "SAP SAP Business Warehouse 731",
      "SAP SAP Business Warehouse 740",
      "SAP SAP Business Warehouse 750",
      "SAP SAP Business Warehouse 751",
      "SAP SAP Business Warehouse 752",
      "SAP SAP Business Warehouse 753",
      "SAP SAP Business Warehouse 754",
      "SAP SAP Business Warehouse 755",
      "SAP SAP Business Warehouse 782",
      "SAP BW4HANA 100",
      "SAP BW4HANA 200"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-26838",
  "serverity": "\u9ad8",
  "submitTime": "2020-12-11",
  "title": "SAP Business Warehouse\u548cSAP BW4HANA\u64cd\u4f5c\u7cfb\u7edf\u547d\u4ee4\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-26838 (GCVE-0-2020-26838)

Vulnerability from cvelistv5 – Published: 2020-12-09 16:31 – Updated: 2024-08-04 16:03

Summary

SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

CWE

Code Injection

Assigner

sap

References

URL

Tags

	https://wiki.scn.sap.com/wiki/pages/viewpage.acti…	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2983367	x_refsource_MISC

Impacted products

Vendor

Product

Version

SAP SE

SAP Business Warehouse

Affected: < 700
Affected: < 701
Affected: < 702
Affected: < 731
Affected: < 740
Affected: < 750
Affected: < 751
Affected: < 752
Affected: < 753
Affected: < 754
Affected: < 755
Affected: < 782

SAP SE

SAP BW4HANA

Affected: < 100
Affected: < 200

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T16:03:22.812Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2983367"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP Business Warehouse",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 700"
            },
            {
              "status": "affected",
              "version": "\u003c 701"
            },
            {
              "status": "affected",
              "version": "\u003c 702"
            },
            {
              "status": "affected",
              "version": "\u003c 731"
            },
            {
              "status": "affected",
              "version": "\u003c 740"
            },
            {
              "status": "affected",
              "version": "\u003c 750"
            },
            {
              "status": "affected",
              "version": "\u003c 751"
            },
            {
              "status": "affected",
              "version": "\u003c 752"
            },
            {
              "status": "affected",
              "version": "\u003c 753"
            },
            {
              "status": "affected",
              "version": "\u003c 754"
            },
            {
              "status": "affected",
              "version": "\u003c 755"
            },
            {
              "status": "affected",
              "version": "\u003c 782"
            }
          ]
        },
        {
          "product": "SAP BW4HANA",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 100"
            },
            {
              "status": "affected",
              "version": "\u003c 200"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "HIGH",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Code Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-09T16:31:14",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2983367"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-26838",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP Business Warehouse",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "700"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "701"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "702"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "731"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "740"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "750"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "751"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "752"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "753"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "754"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "755"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "782"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "SAP BW4HANA",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "100"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "200"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP Business Warehouse, versions - 700, 701, 702, 731, 740, 750, 751, 752, 753, 754, 755, 782, and SAP BW4HANA, versions - 100, 200 allows an attacker authenticated with (high) developer privileges to submit a crafted request to generate and execute code without requiring any user interaction. It is possible to craft a request which will result in the execution of Operating System commands leading to Code Injection vulnerability which could completely compromise the confidentiality, integrity and availability of the server and any data or other applications running on it."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "9.1",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Code Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2983367",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2983367"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-26838",
    "datePublished": "2020-12-09T16:31:14",
    "dateReserved": "2020-10-07T00:00:00",
    "dateUpdated": "2024-08-04T16:03:22.812Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2020-74928

CVE-2020-26838 (GCVE-0-2020-26838)

Tags

Sightings

Nomenclature