CVE-2020-6189 — Information Exposure via Error Message in SE SAP Business Objects Business Intelligence Platform

CWE-209 — Information Exposure via Error Message CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 47.53%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Objects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedFeb 12

Latest updateMay 24

Description

Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4.2, generates error messages that can give enterprise private-network related information which would otherwise be restricted leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶NVDsap/businessobjects_business_intelligence_platform4.2

▶CVEListV5sap_se/sap_business_objects_business_intelligence_platform= 4.2

🔴Vulnerability Details

GHSA

GHSA-jrfj-phv3-2px8: Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4↗2022-05-24

▶

CVEList

CVE-2020-6189: Certain settings page(s) in SAP Business Objects Business Intelligence Platform (CMC), version 4↗2020-02-12

▶