CVE-2020-6219
HIGHSAP Business Objects <4.3 - Deserialization
Title source: llmDescription
SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.
Scores
CVSS v3
8.8
EPSS
0.0126
EPSS Percentile
79.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Classification
CWE
CWE-502
Status
published
Affected Products (3)
sap/businessobjects_business_intelligence_platform
sap/businessobjects_business_intelligence_platform
sap/crystal_reports_for_visual_studio
Timeline
Published
Apr 14, 2020
Tracked Since
Feb 18, 2026