CVE-2020-6219
9.1
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H
Summary
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer) | < 4.1 | affected |
| SAP SE | SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer) | < 4.2 | affected |
| SAP SE | Crystal Reports for VS | < 2010 | affected |
Weaknesses
- CWE-502: CWE-502
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
- https://launchpad.support.sap.com/#/notes/2863731
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
- https://launchpad.support.sap.com/#/notes/2863731
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.