PT-2020-18997 · SAP · SAP BusinessObjects Business Intelligence Platform

Published: 2020-04-14 · Updated: 2021-07-21 · CVE-2020-6195

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform (CMC) versions 4.1, 4.2

Description: The issue involves the disclosure of cleartext passwords in responses, potentially leading to information disclosure. This could be exploited through social engineering tactics to gain system access. If an attacker obtains a password, they could gain administrative rights, allowing them to read, modify, or delete data and rights within the system.

Recommendations: For versions 4.1 and 4.2, update to a version that does not show cleartext passwords in responses to prevent information disclosure. As a temporary workaround, consider restricting access to the system to minimize the risk of exploitation through social engineering.

Fix

Cleartext Transmission of Sensitive Information

Insufficiently Protected Credentials

Weakness Enumeration

Related Identifiers

CVE-2020-6195

Affected Products

SAP BusinessObjects Business Intelligence Platform