CVE-2020-6208

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform (Crystal Reports) versions 4.1, 4.2

Description The issue allows an attacker with basic authorization to inject code that can be executed by the application, leading to Remote Code Execution. This can control the behaviour of the application. Although the mode of attack is only Local, multiple applications can be impacted as a result of the issue. The vulnerability is related to errors in code generation management, which can allow an attacker to execute arbitrary code.

Recommendations For versions 4.1 and 4.2, at the moment, there is no information about a newer version that contains a fix for this issue.