SAP BusinessObjects Business Intelligence Platform 410/420/430 Web Services server-side request forgery


A vulnerability was found in SAP BusinessObjects Business Intelligence Platform 410/420/430 (Business Process Management Software) and classified as critical. This issue affects some unknown functionality of the Web Services component. No information about possible countermeasures is known. It may be advisable to replace the affected object with an alternative product.

Field | 11/20/2020 08:19 AM | 11/21/2020 10:20 PM | 11/21/2020 10:26 PM
vendor | SAP | SAP | SAP
name | BusinessObjects Business Intelligence Platform | BusinessObjects Business Intelligence Platform | BusinessObjects Business Intelligence Platform
version | 410/420/430 | 410/420/430 | 410/420/430
component | Web Services | Web Services | Web Services
cwe | 918 | 918 | 918
risk | 2 | 2 | 2
cvss3_vuldb_av | N | N | N
cvss3_vuldb_pr | N | N | N
cvss3_vuldb_ui | N | N | N
cvss3_vuldb_c | L | L | L
cvss3_vuldb_i | L | L | L
cvss3_vuldb_a | L | L | L
cve | CVE-2020-6308 | CVE-2020-6308 | CVE-2020-6308
date | 1603144800 | 1603144800 | 1603144800
type | Business Process Management Software | Business Process Management Software | Business Process Management Software
cvss2_vuldb_av | N | N | N
cvss2_vuldb_au | N | N | N
cvss2_vuldb_ci | P | P | P
cvss2_vuldb_ii | P | P | P
cvss2_vuldb_ai | P | P | P
cvss2_vuldb_ac | M | M | M
cvss2_vuldb_e | ND | ND | ND
cvss2_vuldb_rl | ND | ND | ND
cvss2_vuldb_rc | ND | ND | ND
cvss3_vuldb_ac | L | L | L
cvss3_vuldb_s | U | U | U
cvss3_vuldb_e | X | X | X
cvss3_vuldb_rl | X | X | X
cvss3_vuldb_rc | X | X | X
cvss2_vuldb_basescore | 6.8 | 6.8 | 6.8
cvss2_vuldb_tempscore | 6.8 | 6.8 | 6.8
cvss3_vuldb_basescore | 7.3 | 7.3 | 7.3
cvss3_vuldb_tempscore | 7.3 | 7.3 | 7.3
cvss3_meta_basescore | 6.3 | 6.3 | 6.3
cvss3_meta_tempscore | 6.3 | 6.3 | 6.3
price_0day | $5k-$25k | $5k-$25k | $5k-$25k
cvss2_nvd_basescore | 5.0 | 5.0 | 5.0
cvss3_nvd_basescore | 5.3 | 5.3 | 5.3
cve_assigned | 1578438000 | 1578438000
cve_nvd_summary | SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability. | SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.
cvss3_nvd_av | N
cvss3_nvd_ac | L
cvss3_nvd_pr | N
cvss3_nvd_ui | N
cvss3_nvd_s | U
cvss3_nvd_c | L
cvss3_nvd_i | N
cvss3_nvd_a | N
cvss2_nvd_av | N
cvss2_nvd_ac | L
cvss2_nvd_au | N
cvss2_nvd_ci | P
cvss2_nvd_ii | N
cvss2_nvd_ai | N
cve_cna | SAP SE
