- Description
- SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
- Source
- cna@sap.com
- NVD status
- Modified
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 3.0
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-306
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "77EBF51D-452E-4CD9-8CC8-49A7847C8297"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A388D485-0057-483E-AFE6-D390381C7022"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8177209E-C74F-4373-B9C6-FAB3903187E7"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E9F2B27B-7389-4A71-A9FF-075E2A98656C"
},
{
"criteria": "cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "15A06DA3-DD71-4ABD-AD59-B87DFF1868E7"
}
],
"operator": "OR"
}
]
}
]