{"containers":{"cna":{"affected":[{"product":"SAP NetWeaver AS ABAP (Web Dynpro)","vendor":"SAP SE","versions":[{"status":"affected","version":"< 731"},{"status":"affected","version":"< 740"},{"status":"affected","version":"< 750"},{"status":"affected","version":"< 751"},{"status":"affected","version":"< 752"},{"status":"affected","version":"< 753"},{"status":"affected","version":"< 754"},{"status":"affected","version":"< 755"},{"status":"affected","version":"< 782"}]}],"descriptions":[{"lang":"en","value":"SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure."}],"metrics":[{"cvssV3_0":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":6.5,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"NONE","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.0"}}],"problemTypes":[{"descriptions":[{"description":"Information Disclosure","lang":"en","type":"text"}]}],"providerMetadata":{"dateUpdated":"2020-11-10T16:17:12.000Z","orgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","shortName":"sap"},"references":[{"tags":["x_refsource_MISC"],"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"},{"tags":["x_refsource_MISC"],"url":"https://launchpad.support.sap.com/#/notes/2971954"}],"x_legacyV4Record":{"CVE_data_meta":{"ASSIGNER":"cna@sap.com","ID":"CVE-2020-26818","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"SAP NetWeaver AS ABAP (Web Dynpro)","version":{"version_data":[{"version_name":"<","version_value":"731"},{"version_name":"<","version_value":"740"},{"version_name":"<","version_value":"750"},{"version_name":"<","version_value":"751"},{"version_name":"<","version_value":"752"},{"version_name":"<","version_value":"753"},{"version_name":"<","version_value":"754"},{"version_name":"<","version_value":"755"},{"version_name":"<","version_value":"782"}]}}]},"vendor_name":"SAP SE"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure."}]},"impact":{"cvss":{"baseScore":"6.5","vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N","version":"3.0"}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"Information Disclosure"}]}]},"references":{"reference_data":[{"name":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571","refsource":"MISC","url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"},{"name":"https://launchpad.support.sap.com/#/notes/2971954","refsource":"MISC","url":"https://launchpad.support.sap.com/#/notes/2971954"}]}}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T16:03:22.370Z"},"title":"CVE Program Container","references":[{"tags":["x_refsource_MISC","x_transferred"],"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571"},{"tags":["x_refsource_MISC","x_transferred"],"url":"https://launchpad.support.sap.com/#/notes/2971954"}]}]},"cveMetadata":{"assignerOrgId":"e4686d1a-f260-4930-ac4c-2f5c992778dd","assignerShortName":"sap","cveId":"CVE-2020-26818","datePublished":"2020-11-10T16:17:12.000Z","dateReserved":"2020-10-07T00:00:00.000Z","dateUpdated":"2024-08-04T16:03:22.370Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.1"}