SAP Business Objects Business Intelligence Platform versions 1.0 Missing Authentication for Critical Function Vulnerability

Summary

SAP Business Objects Business Intelligence Platform versions 1.0 suffers from a Missing Authentication for Critical Function vulnerability.

Credit:

The information has been provided by Ahmad Halabi.

The original article can be found at: https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222


Details

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.x, allows an attacker to log on to the Central Management Console without a password if the BIPRWS application server was not protected with a specific certificate, leading to a Missing Authentication Check.

Vulnerable Systems:

SAP Business Objects Business Intelligence Platform versions 1.0

SAP Business Objects Business Intelligence Platform versions 2.0

SAP Business Objects Business Intelligence Platform versions 2.x

CVE Information:

CVE-2020-6242

Disclosure Timeline:
Published Date: 5/12/2020
