Improper Resource Identifier Control in SAP Business Objects Platform
CVE-2020-6245

6.5MEDIUM

Key Information:

Vendor: SAP
Status: SAP Business Objects Business Intelligence Platform
Vendor: CVE Published:; 12 May 2020

What is CVE-2020-6245?

The SAP Business Objects Business Intelligence Platform version 4.2 is susceptible to a vulnerability that allows an authenticated attacker with access to the local instance to inject arbitrary files or code. This can lead to execution of malicious code within the application due to insufficient checks on resource identifiers, exposing the system to potential exploits.

Affected Version(s)

SAP Business Objects Business Intelligence Platform < 4.2

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_MISC

https://launchpad.support.sap.com/#/notes/2828558

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 12, 2020
Vulnerability Reserved
Jan 8, 2020