SAP NetWeaver AS ABAP (Web Dynpro), versions – 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, that allows them to read and delete database logfiles because of Improper Access Control.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26819
Reference (s):
- https://launchpad.support.sap.com/#/notes/2971954
- URL: https://launchpad.support.sap.com/#/notes/2971954
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571
- URL: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571