CVE-2020-6242
Published May 12, 2020
Last updated 2 years ago
Overview
- Description
- SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
- Source
- cna@sap.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-306
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77EBF51D-452E-4CD9-8CC8-49A7847C8297"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A388D485-0057-483E-AFE6-D390381C7022"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8177209E-C74F-4373-B9C6-FAB3903187E7"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9F2B27B-7389-4A71-A9FF-075E2A98656C"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15A06DA3-DD71-4ABD-AD59-B87DFF1868E7"
}
],
"operator": "OR"
}
]
}
]