
CVE-2020-26831

CVSS Severity Score: 9.6 (CRITICAL)
EPSS Score: 0.0800%
EPSS Percentile: 30.47th
Published: December 9, 2020
Last Modified: November 21, 2024

Vulnerability Description

SAP BusinessObjects BI Platform (Crystal Report), versions 4.1, 4.2 and 4.3, does not sufficiently validate uploaded XML entities during Crystal Report generation because XML validation is missing. An attacker with basic privileges can inject arbitrary XML entities, leading to internal file disclosure, internal directory disclosure, Server-Side Request Forgery (SSRF) and denial of service (DoS).

Affected Platforms (CPE)

SAP BusinessObjects Business Intelligence Platform = 4.1
SAP BusinessObjects Business Intelligence Platform = 4.2
SAP BusinessObjects Business Intelligence Platform = 4.3

References & Advisories
