Unrestricted File Upload Vulnerability in SAP Business Objects BI Platform
CVE-2020-6288

4.6 MEDIUM

Summary

SAP Business Objects Business Intelligence Platform's Web Intelligence HTML interface suffers from a vulnerability that permits attackers with edit document rights to upload files without adequate validation of file formats. This flaw allows an attacker to upload potentially harmful script files, which could lead to the modification of document content and facilitate the display of erroneous information in the user’s browser session. While the server remains secure, the impact can disrupt the user experience and affect the integrity of the displayed data.

Affected Version(s)

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) < 4.1

SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) < 4.2

CVSS V3.1

Score: 4.6
Severity: MEDIUM
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
