← Back

CVE-2020-26816

nvd nist
Published: Dec 9, 2020Modified: Nov 21, 2024

JSON object

Loading...
4.5
Vector
CVSS:3.1/AV:A/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Exploitability: 0.9 / Impact: 3.6
Source: NVD

Description

SAP AS JAVA (Key Storage Service), versions - 7.10, 7.11, 7.20 ,7.30, 7.31, 7.40, 7.50, has the key material which is stored in the SAP NetWeaver AS Java Key Storage service stored in the database in the DER encoded format and is not encrypted. This enables an attacker who has administrator access to the SAP NetWeaver AS Java to decode the keys because of missing encryption and get some application data and client credentials of adjacent systems. This highly impacts Confidentiality as information disclosed could contain client credentials of adjacent systems.

Affected (7)

Sap
1 product
Netweaver Application Server Java
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Application Server Java
Version 7.10
Netweaver Application Server Java
Version 7.11
Netweaver Application Server Java
Version 7.20
Netweaver Application Server Java
Version 7.30
Netweaver Application Server Java
Version 7.31
Netweaver Application Server Java
Version 7.40
Netweaver Application Server Java
Version 7.50

Related CWEs

CWE-312
Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.