CVE-2020-6195
6.4
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Business Objects Business Intelligence Platform | < 4.1 | affected |
| SAP SE | SAP Business Objects Business Intelligence Platform | < 4.2 | affected |
Weaknesses
- Information Disclosure
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2878507
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
References
- https://launchpad.support.sap.com/#/notes/2878507
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.