{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-12T22:05:50.988","vulnerabilities":[{"cve":{"id":"CVE-2020-26829","sourceIdentifier":"cna@sap.com","published":"2020-12-09T17:15:31.057","lastModified":"2024-11-21T05:20:21.500","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SAP NetWeaver AS JAVA (P2P Cluster Communication), versions - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, allows arbitrary connections from processes because of missing authentication check, that are outside the cluster and even outside the network segment dedicated for the internal cluster communication. As result, an unauthenticated attacker can invoke certain functions that would otherwise be restricted to system administrators only, including access to system administration functions or shutting down the system completely."},{"lang":"es","value":"SAP NetWeaver AS JAVA (P2P Cluster Communication), versiones - 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, permite conexiones arbitrarias de procesos debido a una falta de comprobación de autenticación, que están fuera del clúster e incluso fuera del segmento de red dedicado para la comunicación interna del clúster. Como resultado, un atacante no autenticado puede invocar determinadas funciones que de otro modo estarían restringidas sólo a los administradores del sistema, incluyendo el acceso a las funciones de administración del sistema o apagando el sistema por completo"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV30":[{"source":"cna@sap.com","type":"Secondary","cvssData":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":6.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:C","baseScore":9.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"COMPLETE"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":8.5,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-306"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.11:*:*:*:*:*:*:*","matchCriteriaId":"C6B085AF-8CEE-4A87-B381-F36C989FB2A0"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.20:*:*:*:*:*:*:*","matchCriteriaId":"43A28C48-4325-4694-88B1-FEE46EBFB0A6"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.30:*:*:*:*:*:*:*","matchCriteriaId":"24A1E0B9-8C28-41BC-B050-237B5F929C9C"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.31:*:*:*:*:*:*:*","matchCriteriaId":"EEAE6C2A-821F-4123-BD56-0FDADF9D63C8"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.40:*:*:*:*:*:*:*","matchCriteriaId":"F5308FCE-8B2C-4B4D-BEE7-3CF544570B68"},{"vulnerable":true,"criteria":"cpe:2.3:a:sap:netweaver_application_server_java:7.50:*:*:*:*:*:*:*","matchCriteriaId":"9C506445-3787-4BFF-A98B-7502A0F7CF80"}]}]}],"references":[{"url":"http://packetstormsecurity.com/files/163166/SAP-Netweaver-JAVA-7.50-Missing-Authorization.html","source":"cna@sap.com","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2021/Jun/33","source":"cna@sap.com","tags":["Mailing List","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2974774","source":"cna@sap.com","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079","source":"cna@sap.com","tags":["Vendor Advisory"]},{"url":"http://packetstormsecurity.com/files/163166/SAP-Netweaver-JAVA-7.50-Missing-Authorization.html","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"http://seclists.org/fulldisclosure/2021/Jun/33","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Mailing List","Third Party Advisory"]},{"url":"https://launchpad.support.sap.com/#/notes/2974774","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Vendor Advisory"]},{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}