CVE-2020-6237

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
sapCNA
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 51%
VendorProductVersion
sapbusinessobjects_business_intelligence_platform
4.1
sapbusinessobjects_business_intelligence_platform
4.2
𝑥
= Vulnerable software versions
References
https://launchpad.support.sap.com/#/notes/2898077
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202
https://launchpad.support.sap.com/#/notes/2898077
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202