PT-2020-18992 · Sap · Sap Businessobjects Business Intelligence Platform
Published
2020-02-12
·
Updated
2021-07-21
·
CVE-2020-6189
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP Business Objects Business Intelligence Platform (CMC) version 4.2
Description
The issue concerns certain settings pages in the SAP Business Objects Business Intelligence Platform (CMC) that generate error messages. These error messages can disclose enterprise private-network related information that would otherwise be restricted.
Recommendations
For SAP Business Objects Business Intelligence Platform (CMC) version 4.2, consider restricting access to the settings pages that generate sensitive error messages until a fix is available. As a temporary workaround, review and modify error message configurations to minimize the disclosure of private-network related information.
Fix
Generation of Error Message Containing Sensitive Information
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Businessobjects Business Intelligence Platform