PT-2020-19025 · Sap · Sap Businessobjects Business Intelligence Platform

Published: 2020-04-14 · Updated: 2021-07-21 · CVE-2020-6227

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: SAP Business Objects Business Intelligence Platform version 4.2

Description: The issue allows an attacker to send specially crafted GIOP packets to several services due to Improper Input Validation, enabling the forging of additional entries in GLF log files.

Recommendations: For version 4.2, consider restricting access to the services that accept GIOP packets until a fix is available. As a temporary workaround, monitor GLF log files closely for any suspicious entries.

Fix

Improper Encoding or Escaping of Output

RCE

Weakness Enumeration

Related Identifiers

CVE-2020-6227

Affected Products

Sap Businessobjects Business Intelligence Platform