← Back

CVE-2020-6242

nvd nist
Published: May 12, 2020Modified: Nov 21, 2024

JSON object

Loading...
9.8
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 / Impact: 5.9
Source: NVD

Description

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.

Affected (5)

Sap
1 product
Businessobjects Business Intelligence Platform
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Businessobjects Business Intelligence Platform
Version 1.0
Businessobjects Business Intelligence Platform
Version 2.0
Businessobjects Business Intelligence Platform
Version 2.1
Businessobjects Business Intelligence Platform
Version 2.2
Businessobjects Business Intelligence Platform
Version 2.3

Related CWEs

CWE-306
Missing Authentication for Critical Function
The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

References (6)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Broken LinkVendor Advisory
Source: cna@sap.com
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Broken LinkVendor Advisory

Timeline

No history available yet.