CVE-2020-6218

Description

Admin tools and Query Builder in SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to access information that should otherwise be restricted, leading to Information Disclosure.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

Low

Integrity

None

Availability

None

Affected products

SAP_SE / SAP Business Objects Business Intelligence Platform< 4.1 – < 4.1
SAP_SE / SAP Business Objects Business Intelligence Platform< 4.2 – < 4.2

References

MISChttps://launchpad.support.sap.com/#/notes/2878507
MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202