CVE-2020-6208

CWE-416Use After FreeCWE-94Code Injection3 documents3 sources
Severity
8.2HIGH
EPSS
2.6%
top 14.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business Objects Business Intelligence Platform (crystal Reports)SAP Crystal Reports
Timeline
PublishedMar 10
Latest updateMay 24

Description

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:HExploitability: 1.5 | Impact: 6.0

Affected Packages2 packages

NVDsap/crystal_reports4.1, 4.2+1

🔴Vulnerability Details

2
GHSA
GHSA-j37h-pxr7-r959: SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 42022-05-24
CVEList
CVE-2020-6208: SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 42020-03-10
CVE-2020-6208 (HIGH CVSS 8.2) | SAP Business Objects Business Intel | cvebase.io