Severity
9.8 CRITICAL
EPSS
0.2%
top 58.66%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Apr 14
Latest update: May 24

Description

SAP Business Objects Business Intelligence Platform (CMC), versions 4.1 and 4.2, shows a cleartext password in the response, leading to information disclosure. Exploitation involves social engineering to gain access to the system; if the password is known, it gives the attacker administrative rights to read, modify, or delete the data and rights within the system.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 3.9 | Impact: 5.9

Vulnerability Details

2
GHSA
GHSA-9w69-cmrr-7x8x: SAP Business Objects Business Intelligence Platform (CMC), version 4 (2022-05-24)
CVEList
CVE-2020-6195: SAP Business Objects Business Intelligence Platform (CMC), version 4 (2020-04-14)