Vulnerabilites related to SAP SE - SAP Business Objects Business Intelligence Platform
cve-2020-6223
Vulnerability from cvelistv5
Published
2020-04-14 18:07
Modified
2024-08-04 08:55
Summary
The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.1
Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.249Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2878507",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.1",
                  },
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Content Spoofing",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-14T18:07:00",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2878507",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6223",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.1",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Content Spoofing",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2878507",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2878507",
                  },
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6223",
      datePublished: "2020-04-14T18:07:00",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.249Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2018-2397
Vulnerability from cvelistv5
Published
2018-03-14 19:00
Modified
2024-08-05 04:21
Summary
In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: 4.00
Version: 4.10
Version: 4.20
Version: 4.30
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-05T04:21:32.881Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2550538",
               },
               {
                  name: "103373",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/103373",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "4.00",
                  },
                  {
                     status: "affected",
                     version: "4.10",
                  },
                  {
                     status: "affected",
                     version: "4.20",
                  },
                  {
                     status: "affected",
                     version: "4.30",
                  },
               ],
            },
         ],
         datePublic: "2018-03-13T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross-Site Scripting (XSS)",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-03-15T09:57:02",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2550538",
            },
            {
               name: "103373",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/103373",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2018-2397",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "4.00",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "4.10",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "4.20",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "4.30",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "In SAP Business Objects Business Intelligence Platform, 4.00, 4.10, 4.20, 4.30, the Central Management Console (CMC) does not sufficiently encode user controlled inputs which results in Cross-Site Scripting.",
                  },
               ],
            },
            impact: {
               cvss: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross-Site Scripting (XSS)",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
                     refsource: "CONFIRM",
                     url: "https://blogs.sap.com/2018/03/13/sap-security-patch-day-march-2018/",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2550538",
                     refsource: "CONFIRM",
                     url: "https://launchpad.support.sap.com/#/notes/2550538",
                  },
                  {
                     name: "103373",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/103373",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2018-2397",
      datePublished: "2018-03-14T19:00:00",
      dateReserved: "2017-12-15T00:00:00",
      dateUpdated: "2024-08-05T04:21:32.881Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6237
Vulnerability from cvelistv5
Published
2020-04-14 18:36
Modified
2024-08-04 08:55
Summary
Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.1
Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.178Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2898077",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.1",
                  },
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 7.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-14T18:36:58",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2898077",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6237",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.1",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "7.5",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2898077",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2898077",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6237",
      datePublished: "2020-04-14T18:36:58",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.178Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6294
Vulnerability from cvelistv5
Published
2020-08-12 13:27
Modified
2024-08-04 08:55
Summary
Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.2
Version: < 4.3
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.318Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2927956",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
                  {
                     status: "affected",
                     version: "< 4.3",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "ADJACENT_NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 8.5,
                  baseSeverity: "HIGH",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Missing Authentication Check",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-08-12T13:27:19",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2927956",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6294",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "4.3",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Xvfb of SAP Business Objects Business Intelligence Platform, versions - 4.2, 4.3, platform on Unix does not perform any authentication checks for functionalities that require user identity.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "8.5",
                  vectorString: "CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Missing Authentication Check",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2927956",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2927956",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6294",
      datePublished: "2020-08-12T13:27:19",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.318Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6269
Vulnerability from cvelistv5
Published
2020-06-10 12:37
Modified
2024-08-04 08:55
Summary
Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.156Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2905836",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.3,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-06-10T12:37:29",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2905836",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6269",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Under certain conditions SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "4.3",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=547426775",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2905836",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2905836",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6269",
      datePublished: "2020-06-10T12:37:29",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.156Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6245
Vulnerability from cvelistv5
Published
2020-05-12 17:49
Modified
2024-08-04 08:55
Summary
SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.271Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2828558",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "LOCAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "HIGH",
                  scope: "UNCHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-99",
                     description: "CWE-99",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-12T17:49:07",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2828558",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6245",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "6.5",
                  vectorString: "CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-99",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2828558",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2828558",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6245",
      datePublished: "2020-05-12T17:49:07",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.271Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6247
Vulnerability from cvelistv5
Published
2020-05-12 17:49
Modified
2024-08-04 08:55
Summary
SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.161Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2828558",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "HIGH",
                  baseScore: 5.9,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "NONE",
                  integrityImpact: "NONE",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Denial of Service",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-05-12T17:49:27",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2828558",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6247",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SAP Business Objects Business Intelligence Platform, version 4.2, allows an unauthenticated attacker to prevent legitimate users from accessing a service. Using a specially crafted request, the attacker can crash or flood the Central Management Server, thereby impacting system availability.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.9",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Denial of Service",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2828558",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2828558",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6247",
      datePublished: "2020-05-12T17:49:28",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.161Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6220
Vulnerability from cvelistv5
Published
2022-06-06 19:45
Modified
2024-08-04 08:55
Summary
BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: 4.1
Version: 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.261Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2878507",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "4.1",
                  },
                  {
                     status: "affected",
                     version: "4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 4.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Cross Site Scripting",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-06-06T19:45:13",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2878507",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6220",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_affected: "=",
                                          version_value: "4.1",
                                       },
                                       {
                                          version_affected: "=",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "BI Launchpad and CMC in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, does not sufficiently encode user-controlled inputs, resulting in Cross-Site Scripting (XSS) vulnerability. Exploit is possible only when the bttoken in victim’s session is active.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "4.4",
                  vectorString: "CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Cross Site Scripting",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2878507",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2878507",
                  },
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6220",
      datePublished: "2022-06-06T19:45:13",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.261Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6195
Vulnerability from cvelistv5
Published
2020-04-14 19:36
Modified
2024-08-04 08:55
Summary
SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.1
Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.152Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2878507",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.1",
                  },
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "HIGH",
                  attackVector: "PHYSICAL",
                  availabilityImpact: "HIGH",
                  baseScore: 6.4,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "HIGH",
                  integrityImpact: "HIGH",
                  privilegesRequired: "NONE",
                  scope: "UNCHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-14T19:36:32",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2878507",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6195",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.1",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "6.4",
                  vectorString: "CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2878507",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2878507",
                  },
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6195",
      datePublished: "2020-04-14T19:36:32",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.152Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2022-24398
Vulnerability from cvelistv5
Published
2022-03-08 13:35
Modified
2024-08-03 04:07
Severity ?
Summary
Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 420
Version: < 430
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-03T04:07:02.518Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/3103424",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 420",
                  },
                  {
                     status: "affected",
                     version: "< 430",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-200",
                     description: "CWE-200",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2022-03-08T13:35:41",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/3103424",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2022-24398",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "420",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "430",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Under certain conditions SAP Business Objects Business Intelligence Platform - versions 420, 430, allows an authenticated attacker to access information which would otherwise be restricted.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "null",
                  vectorString: "null",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "CWE-200",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10",
                     refsource: "MISC",
                     url: "https://dam.sap.com/mac/embed/public/pdf/a/ucQrx6G.htm?rc=10",
                  },
                  {
                     name: "https://launchpad.support.sap.com/#/notes/3103424",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/3103424",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2022-24398",
      datePublished: "2022-03-08T13:35:41",
      dateReserved: "2022-02-03T00:00:00",
      dateUpdated: "2024-08-03T04:07:02.518Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6218
Vulnerability from cvelistv5
Published
2020-04-14 18:06
Modified
2024-08-04 08:55
Summary
Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.1
Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.118Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2878507",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.1",
                  },
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 5,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "NONE",
                  privilegesRequired: "LOW",
                  scope: "CHANGED",
                  userInteraction: "NONE",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "Information Disclosure",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-14T18:06:37",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2878507",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6218",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.1",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "5.0",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "Information Disclosure",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2878507",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2878507",
                  },
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6218",
      datePublished: "2020-04-14T18:06:37",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.118Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2020-6211
Vulnerability from cvelistv5
Published
2020-04-14 19:42
Modified
2024-08-04 08:55
Summary
SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.
Impacted products
Vendor Product Version
SAP SE SAP Business Objects Business Intelligence Platform Version: < 4.1
Version: < 4.2
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-04T08:55:22.038Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://launchpad.support.sap.com/#/notes/2878507",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "SAP Business Objects Business Intelligence Platform",
               vendor: "SAP SE",
               versions: [
                  {
                     status: "affected",
                     version: "< 4.1",
                  },
                  {
                     status: "affected",
                     version: "< 4.2",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.",
            },
         ],
         metrics: [
            {
               cvssV3_0: {
                  attackComplexity: "LOW",
                  attackVector: "NETWORK",
                  availabilityImpact: "NONE",
                  baseScore: 6.1,
                  baseSeverity: "MEDIUM",
                  confidentialityImpact: "LOW",
                  integrityImpact: "LOW",
                  privilegesRequired: "NONE",
                  scope: "CHANGED",
                  userInteraction: "REQUIRED",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "URL Redirection",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2020-04-14T19:42:11",
            orgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
            shortName: "sap",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://launchpad.support.sap.com/#/notes/2878507",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cna@sap.com",
               ID: "CVE-2020-6211",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "SAP Business Objects Business Intelligence Platform",
                                 version: {
                                    version_data: [
                                       {
                                          version_name: "<",
                                          version_value: "4.1",
                                       },
                                       {
                                          version_name: "<",
                                          version_value: "4.2",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "SAP SE",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SAP Business Objects Business Intelligence Platform (AdminTools), versions 4.1, 4.2, allows an attacker to redirect users to a malicious site due to insufficient URL validation and steal credentials of the victim, leading to URL Redirection vulnerability.",
                  },
               ],
            },
            impact: {
               cvss: {
                  baseScore: "6.1",
                  vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
                  version: "3.0",
               },
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "URL Redirection",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "https://launchpad.support.sap.com/#/notes/2878507",
                     refsource: "MISC",
                     url: "https://launchpad.support.sap.com/#/notes/2878507",
                  },
                  {
                     name: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                     refsource: "MISC",
                     url: "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "e4686d1a-f260-4930-ac4c-2f5c992778dd",
      assignerShortName: "sap",
      cveId: "CVE-2020-6211",
      datePublished: "2020-04-14T19:42:11",
      dateReserved: "2020-01-08T00:00:00",
      dateUpdated: "2024-08-04T08:55:22.038Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}