CyberSec.Space Logo
返回 CVE 浏览器

CVE-2020-6242

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.0960%
EPSS Percentile26.78th
Published2020年5月12日
Last Modified2024年11月21日

Vulnerability Description

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.

Affected Platforms (CPE)

📦
Sap

Businessobjects Business Intelligence Platform

= 1.0
📦
Sap

Businessobjects Business Intelligence Platform

= 2.0
📦
Sap

Businessobjects Business Intelligence Platform

= 2.1
📦
Sap

Businessobjects Business Intelligence Platform

= 2.2
📦
Sap

Businessobjects Business Intelligence Platform

= 2.3

References & Advisories

🔗 https://launchpad.support.sap.com/#/notes/2885244
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
🔗 https://launchpad.support.sap.com/#/notes/2885244
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
🔗 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

相关漏洞威胁

CVE-2019-03988.8

Due to insufficient CSRF protection, SAP BusinessObjects Business Intelligence Platform (Monitoring Application), before versions ...

CVE-2019-02688.1

SAP BusinessObjects Business Intelligence Platform (CMC Module), versions 4.10, 4.20 and 4.30, does not sufficiently validate an X...

CVE-2019-02877.6

Under certain conditions SAP BusinessObjects Business Intelligence platform (Central Management Server), versions 4.2 and 4.3, all...

CVE-2021-405007.5

SAP BusinessObjects Business Intelligence Platform (Crystal Reports) - versions 420, 430, allows an unauthenticated attacker to ex...