CVE-2020-6308 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-6308 PUBLISHED CVSS 5.300000190734863 MEDIUM

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.

EPSS 82.06% · 99.2th percentile

Risk Scores

CVSS v3.0

5.300000190734863

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

EPSS Score

82.06%

99.2th percentile

Affected Products

Vendor	Product	Versions
sap	businessobjects_business_intelligence_platform	4.1, 4.2, 4.3
SAP SE	SAP BusinessObjects Business Intelligence Platform (Web Services)	< 410, < 420, < 430

Timeline

Oct 20, 2020 CVE Published
Apr 14, 2021 EPSS Score
Jun 22, 2021 EPSS Score
Oct 24, 2021 EPSS Score
Dec 25, 2021 EPSS Score
Feb 25, 2022 EPSS Score
Apr 28, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Nov 1, 2022 EPSS Score
Mar 5, 2023 EPSS Score
Mar 7, 2023 EPSS Score
May 6, 2023 EPSS Score

References

Open in Interactive Console →