CVE-2020-6220

Summary

BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.

Affected Software

VendorProductVersion RangeStatus
SAP SESAP Business Objects Business Intelligence Platform4.1affected
SAP SESAP Business Objects Business Intelligence Platform4.2affected

Weaknesses

  • Cross Site Scripting

ADP Enrichment

CVE Program Container

Additional References

References