Missing Authentication Vulnerability in SAP Business Objects Business Intelligence Platform
CVE-2020-6242

9.8CRITICAL

Key Information:

Vendor

SAP
Status
SAP Business Objects Business Intelligence Platform (live Data Connect)
Vendor
CVE Published:
12 May 2020

What is CVE-2020-6242?

The SAP Business Objects Business Intelligence Platform allows an attacker to log into the Central Management Console without using a password. This unauthorized access occurs if the BIPRWS application server lacks the appropriate protection via a specific certificate. The absence of proper authentication measures allows for potential exploitation, compromising the security of sensitive data within the platform.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

SAP Business Objects Business Intelligence Platform (Live Data Connect) < 1.0 < 1.0

SAP Business Objects Business Intelligence Platform (Live Data Connect) < 2.0 < 2.0

SAP Business Objects Business Intelligence Platform (Live Data Connect) < 2.x < 2.x

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
https://launchpad.support.sap.com/#/notes/2885244
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.