CVE-2020-6288

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform (affected versions not specified)

Description The issue allows an attacker with edit document rights to upload any file, including script files, without proper file format validation. This leads to the unrestricted upload of files with dangerous types. An attacker can modify formulas and display erroneous content. The server is not affected, only the current user's browser session, which can easily be closed.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.