CyberSec.Space Logo
Back to CVE Browser

CVE-2020-6242

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile26.78th
PublishedMay 12, 2020
Last ModifiedNov 21, 2024

Vulnerability Description

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.

Affected Platforms (CPE)

πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 1.0
πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 2.0
πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 2.1
πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 2.2
πŸ“¦
Sap

Businessobjects Business Intelligence Platform

= 2.3

References & Advisories

πŸ”— https://launchpad.support.sap.com/#/notes/2885244
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
πŸ”— https://launchpad.support.sap.com/#/notes/2885244
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
πŸ”— https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

Related Vulnerabilities

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...

CVE-2019-02877.6

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, all...

CVE-2021-405007.5

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to ex...