CVE-2020-6237

moderate-risk

Published 2020-04-14

Under certain conditions, SAP Business Objects Business Intelligence Platform, version 4.1, 4.2, dswsbobje web application allows an attacker to access information which would otherwise be restricted, leading to Information Disclosure.

Do I need to act?

0.35% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Businessobjects Business Intelligence Platform

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2898077

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Permissions Required https://launchpad.support.sap.com/#/notes/2898077

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 7/34 · Low