Missing Authentication Vulnerability in SAP Business Objects Business Intelligence Platform
CVE-2020-6242

9.8CRITICAL

Key Information:

Vendor
SAP
Status
SAP Business Objects Business Intelligence Platform (live Data Connect)
Vendor
CVE Published:
12 May 2020

Summary

The SAP Business Objects Business Intelligence Platform allows an attacker to log into the Central Management Console without using a password. This unauthorized access occurs if the BIPRWS application server lacks the appropriate protection via a specific certificate. The absence of proper authentication measures allows for potential exploitation, compromising the security of sensitive data within the platform.

Affected Version(s)

SAP Business Objects Business Intelligence Platform (Live Data Connect) < 1.0 < 1.0

SAP Business Objects Business Intelligence Platform (Live Data Connect) < 2.0 < 2.0

SAP Business Objects Business Intelligence Platform (Live Data Connect) < 2.x < 2.x

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2885244
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.