Vulnerabilities > CVE-2020-26815 - Server-Side Request Forgery (SSRF) vulnerability in SAP Fiori Launchpad (News Tile Application)
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
NONE Availability impact
NONE Summary
SAP Fiori Launchpad (News tile Application), versions - 750,751,752,753,754,755, allows an unauthorized attacker to send a crafted request to a vulnerable web application. It is usually used to target internal systems behind firewalls that are normally inaccessible to an attacker from the external network to retrieve sensitive / confidential resources which are otherwise restricted for internal usage only, resulting in a Server-Side Request Forgery vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 6 |