CVE-2020-6242

EUVD-2020-27392
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
sapCNA
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
sapbusinessobjects_business_intelligence_platform
1.0
sapbusinessobjects_business_intelligence_platform
2.0
sapbusinessobjects_business_intelligence_platform
2.1
sapbusinessobjects_business_intelligence_platform
2.2
sapbusinessobjects_business_intelligence_platform
2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://launchpad.support.sap.com/#/notes/2885244
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
https://launchpad.support.sap.com/#/notes/2885244
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222