PT-2020-19010 · SAP · SAP Businessobjects Business Intelligence Platform

Published: 2020-04-14 · Updated: 2020-04-15 · CVE-2020-6211

CVSS v3.1: 6.1 (Medium)

Vector: AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform (AdminTools) versions 4.1, 4.2
Description: The issue allows an attacker to redirect users to a malicious site due to insufficient URL validation, potentially leading to the theft of victim credentials.
Recommendations: For versions 4.1, update the software to a version that includes proper URL validation to prevent redirection attacks. For version 4.2, apply the necessary configuration changes to ensure sufficient URL validation and prevent credential theft.

Fix

Open Redirect


Weakness Enumeration

Related Identifiers

CVE-2020-6211

Affected Products

SAP Businessobjects Business Intelligence Platform