CVE-2020-6227Improper Input Validation in SE SAP Business Objects Business Intelligence Platform

CWE-20Improper Input ValidationCWE-116Improper Encoding or Escaping of Output3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 48.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Business Objects Business Intelligence PlatformSAP Businessobjects Business Intelligence Platform
Timeline
PublishedApr 14
Latest updateMay 24

Description

SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-h2h4-4f7m-c9r8: SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 42022-05-24
CVEList
CVE-2020-6227: SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 42020-04-14
CVE-2020-6227 — Improper Input Validation | cvebase