Vulnerability Database

314,615

Total vulnerabilities in the database

CVE-2020-26818

SAP NetWeaver AS ABAP (Web Dynpro), versions - 731, 740, 750, 751, 752, 753, 754, 755, 782, allows an authenticated user to access Web Dynpro components, which reveals sensitive system information that would otherwise be restricted to highly privileged users because of missing authorization, resulting in Information Disclosure.

Published: Nov 10, 2020
Updated: Nov 16, 2025
CVE: CVE-2020-26818
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: Medium
Score: 6.5
AV:N/AC:L/Au:S/C:P/I:P/A:P

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
sap / netweaver_application_server_abap	750	750.x
sap / netweaver_application_server_abap	752	752.x
sap / netweaver_application_server_abap	753	753.x
sap / netweaver_application_server_abap	754	754.x
sap / netweaver_application_server_abap	755	755.x
sap / netweaver_application_server_abap	731	731.x
sap / netweaver_application_server_abap	740	740.x
sap / netweaver_application_server_abap	751	751.x
sap / netweaver_application_server_abap	782	782.x

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo