SAP Process Integration (PGP Module – Business-to-Business Add On), version – 1.0, allows an attacker to read PGP Keys under certain conditions in the PGP Module of Business-to-Business Add-On, these keys can then be used to read messages processed by the module leading to Information Disclosure.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26814
Reference (s):
- https://launchpad.support.sap.com/#/notes/2952084
- URL: https://launchpad.support.sap.com/#/notes/2952084
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
- URL: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571