CyberSec.Space Logo
Back to CVE Browser

CVE-2020-26831

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.0800%
EPSS Percentile30.47th
PublishedDec 9, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).

Affected Platforms (CPE)

πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 4.1
πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 4.2
πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 4.3

References & Advisories

πŸ”— https://launchpad.support.sap.com/#/notes/2989075
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079
πŸ”— https://launchpad.support.sap.com/#/notes/2989075
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564757079

Related Vulnerabilities

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...

CVE-2019-02877.6

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, all...

CVE-2018-24717.5

Under certain conditions SAP BusinessObjects Business Intelligence Platform 4.10 and 4.20 allows an attacker to access information...

CVE-2020-26831 Detail & Impact Analysis | CVSS 9.6 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space