CVE-2020-6227

HIGH

SAP BusinessObjects <4.2 - Code Injection

Title source: llm
STIX 2.1

Description

SAP Business Objects Business Intelligence Platform (CMS / Auditing issues), version 4.2, allows attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, allowing to forge additional entries in GLF log files.

References (2)

Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2863396

Scores

CVSS v3 7.5
EPSS 0.0086
EPSS Percentile 54.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-116 CWE-20
Status published
Products (1)
sap/businessobjects_business_intelligence_platform 4.2
Published Apr 14, 2020
Tracked Since Feb 18, 2026