PT-2020-19038 · Sap · Sap Businessobjects Business Intelligence Platform
Published
2020-05-12
·
Updated
2022-10-06
·
CVE-2020-6242
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
SAP Business Objects Business Intelligence Platform (Live Data Connect) versions 1.0 through 2.3
Description
The issue allows an attacker to logon to the Central Management Console without a password if the BIPRWS application server is not protected with a specific certificate, leading to a missing authentication check.
Recommendations
For versions 1.0 through 2.3, ensure the BIPRWS application server is protected with the required specific certificate to prevent unauthorized access to the Central Management Console.
Fix
Missing Authentication
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Businessobjects Business Intelligence Platform