CVE-2020-6294 — Missing Authentication for Critical Function in SE SAP Business Objects Business Intelligence Platform

CWE-306 — Missing Authentication for Critical Function3 documents3 sources

Severity

9.1CRITICALNVD

EPSS

0.3%

top 45.93%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Business Objects Business Intelligence Platform SAP Businessobjects Business Intelligence Platform

Timeline

PublishedAug 12

Latest updateMay 24

Description

Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5sap_se/sap_business_objects_business_intelligence_platform< 4.2+1

▶NVDsap/businessobjects_business_intelligence_platform4.2, 4.3+1

🔴Vulnerability Details

GHSA

GHSA-f5jc-8383-8hp7: Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4↗2022-05-24

▶

CVEList

CVE-2020-6294: Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4↗2020-08-12

▶