Description
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
References (2)
Core 2
Core References
Broken Link, Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
Permissions Required x_refsource_misc
https://launchpad.support.sap.com/#/notes/2885244
Scores
CVSS v3
9.8
EPSS
0.0023
EPSS Percentile
45.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-306
Status
published
Products (5)
sap/businessobjects_business_intelligence_platform
1.0
sap/businessobjects_business_intelligence_platform
2.0
sap/businessobjects_business_intelligence_platform
2.1
sap/businessobjects_business_intelligence_platform
2.2
sap/businessobjects_business_intelligence_platform
2.3
Published
May 12, 2020
Tracked Since
Feb 18, 2026