CVE-2020-6237

Description

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected products

SAP_SE / SAP Business Objects Business Intelligence Platform< 4.1 – < 4.1
SAP_SE / SAP Business Objects Business Intelligence Platform< 4.2 – < 4.2

References

MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
MISChttps://launchpad.support.sap.com/#/notes/2898077