CVE-2020-6237 — Sensitive Information Exposure in SE SAP Business Objects Business Intelligence Platform

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 42.62%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Objects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedApr 14

Latest updateMay 24

Description

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_business_objects_business_intelligence_platform< 4.1+1

▶NVDsap/businessobjects_business_intelligence_platform4.1, 4.2+1

🔴Vulnerability Details

GHSA

GHSA-9697-r6gv-4r4x: Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4↗2022-05-24

▶

CVEList

CVE-2020-6237: Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4↗2020-04-14

▶

💬Community

Bugzilla

CVE-2019-6237 webkitgtk: Multiple memory corruption issues leading to arbitrary code execution↗2020-09-08

▶