CVE-2020-6294

Name of the Vulnerable Software and Affected Versions SAP Business Objects Business Intelligence Platform versions 4.2, 4.3

Description The issue is related to insufficient access control in the Xvfb server of the SAP Business Objects Business Intelligence Platform. It does not perform authentication checks for functionalities that require user identity, which could allow an attacker to elevate their privileges.

Recommendations For versions 4.2 and 4.3, consider restricting access to the Xvfb server until a fix is available to prevent potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.