Missing Authentication Vulnerability in SAP Business Objects Business Intelligence Platform
CVE-2020-6242
9.8CRITICAL
Key Information:
- Vendor
SAP
- Vendor
- CVE Published:
- 12 May 2020
What is CVE-2020-6242?
The SAP Business Objects Business Intelligence Platform allows an attacker to log into the Central Management Console without using a password. This unauthorized access occurs if the BIPRWS application server lacks the appropriate protection via a specific certificate. The absence of proper authentication measures allows for potential exploitation, compromising the security of sensitive data within the platform.
Affected Version(s)
SAP Business Objects Business Intelligence Platform (Live Data Connect) < 1.0 < 1.0
SAP Business Objects Business Intelligence Platform (Live Data Connect) < 2.0 < 2.0
SAP Business Objects Business Intelligence Platform (Live Data Connect) < 2.x < 2.x