Authentication bypass in SAP NetWeaver AS JAVA

Published: 2020-12-08
Risk High
Patch available YES
Number of vulnerabilities 1
CVE-ID CVE-2020-26829
Exploitation vector Network
Public exploit N/A
Vulnerable software
SAP NetWeaver
Server applications / Application servers

Vendor SAP

Security Bulletin

This security bulletin contains one high risk vulnerability.

1) Improper Authentication

EUVDB-ID: #VU48818

Risk: High


CVE-ID: CVE-2020-26829

CWE-ID: CWE-287 - Improper Authentication

Exploit availability: No


The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error when processing authentication requests within the P2P Cluster Communication component. A remote attacker can bypass authentication process and gain unauthorized access to the application.

Successful exploitation of the vulnerability may allow an attacker to compromise the server.


Install update from vendor's website.

Vulnerable software versions

SAP NetWeaver: 7.11 - 7.31

CPE2.3 External links

Q & A

Can this vulnerability be exploited remotely?

Is there known malware, which exploits this vulnerability?