CVE-2020-6195

CRITICAL

SAP Business Objects <4.2 - Info Disclosure

Title source: llm

Description

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.

References (2)

Core 2

Core References

Permissions Required, Vendor Advisory x_refsource_misc

https://launchpad.support.sap.com/#/notes/2878507

Vendor Advisory x_refsource_misc

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Scores

CVSS v3 9.8

EPSS 0.0019

EPSS Percentile 41.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-319 CWE-522

Status published

Products (2)

sap/businessobjects_business_intelligence_platform 4.1

sap/businessobjects_business_intelligence_platform 4.2

Published Apr 14, 2020

Tracked Since Feb 18, 2026