PT-2020-5168 · Sap · Sap Data Intelligence+1

Published

2020-08-12

Updated

2021-07-21

CVE-2020-6297

CVSS v2.0

6.8

Medium

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions SAP Data Intelligence versions 3.0 SAP Data Hub version 2.7

Description The issue is related to the lack of protection for internal data in the SAP Data Intelligence platform. Under specific conditions, such as the upgrade from SAP Data Hub 2.7 to SAP Data Intelligence 3.0, an attacker can access restricted system configuration information, leading to the disclosure of protected information.

Recommendations For SAP Data Intelligence version 3.0, update to a version that includes the necessary security fixes to protect internal data. For SAP Data Hub version 2.7, avoid upgrading to SAP Data Intelligence 3.0 until a secure upgrade path is provided to prevent information disclosure.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

BDU:2020-05779

CVE-2020-6297

Affected Products

Sap Data Hub

Sap Data Intelligence

PT-2020-5168 · Sap · Sap Data Intelligence+1

CVE-2020-6297

Weakness Enumeration

Related Identifiers

Affected Products

References · 5