CVE-2020-6245

low-risk

Published 2020-05-12

SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.

Do I need to act?

0.05% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.7/10 Medium

LOCAL / LOW complexity

Affected Products (1)

Businessobjects Business Intelligence Platform

Affected Vendors

Sap

References (4)

Permissions Required https://launchpad.support.sap.com/#/notes/2828558

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

Permissions Required https://launchpad.support.sap.com/#/notes/2828558

Vendor Advisory https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222

/ 100

low-risk

Severity 21/34 · High

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal