CVE-2020-6242
9.8
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Business Objects Business Intelligence Platform (Live Data Connect) | < 1.0 | affected |
| SAP SE | SAP Business Objects Business Intelligence Platform (Live Data Connect) | < 2.0 | affected |
| SAP SE | SAP Business Objects Business Intelligence Platform (Live Data Connect) | < 2.x | affected |
Weaknesses
- Missing Authentication Check
ADP Enrichment
CVE Program Container
Additional References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2885244
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
References
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
- https://launchpad.support.sap.com/#/notes/2885244
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.