CVE-2020-6195

CRITICAL

SAP Business Objects <4.2 - Info Disclosure

Title source: llm

Description

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.

References (2)

[Permissions Required, Vendor Advisory] https://launchpad.support.sap.com/#/notes/2878507

[Vendor Advisory] https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Scores

CVSS v3 9.8

EPSS 0.0019

EPSS Percentile 41.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-319 CWE-522

Status published

Affected Products (2)

sap/businessobjects_business_intelligence_platform

Timeline

Published Apr 14, 2020

Tracked Since Feb 18, 2026