Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2020-6195 Multiple vulnerabilities in SAP Business Objects Business Intelligence Platform, SAP security note 2878507

Description

This SAP Security Note addresses several vulnerabilities identified in SAP Business Objects Business Intelligence Platform. The vulnerability details along with their CVE relevant information can be found below.

Information Disclosure :
The vulnerability is identified in BILaunchpad/CMC. Passwords submitted to the application are returned in clear form in later responses from the application.

  • CVE-2020-6195
  • CVSS: 6.4; CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

URL Redirection :
AdminTools of SAP BI allows an attacker to redirect users to a malicious site due to insufficient URL validation.

  • CVE-2020-6211
  • CVSS: 6.1; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Some well-known impacts of URL Redirection vulnerability are –

  • Phishing attacks to steal credentials of the victim   
  • Redirect users to untrusted webpages containing malware or similar malicious exploits.

Content Spoofing :
The open document area allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application.

  • CVE-2020-6223
  • CVSS: 6.1; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

XSS :

The below mentioned applications do not sufficiently encode user-controlled inputs resulting in respective XSS issues. The individual CVSS scores and CVEs of the vulnerabilities can be found below.

Stored & Reflected XSS : Web Intelligence HTML interface

  • CVE-2020-6221
  • CVSS: 5.4; CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Information Disclosure : AdminTools/Query Builder

  • CVE-2020-6218
  • CVSS: 5.0; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N

Reflected XSS : SAP BusinessObjects BI and CMC

  • CVE-2020-6220
  • CVSS: 4.4; CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

Impacts of XSS:

  • Non-permanently deface or modify displayed content from a Web site
  • Steal authenticated information of the user, such as data relating to his or her current session
  • Impersonate the user and access all information with the same rights as the target user

Available fix and Supported packages

  • ENTERPRISE | 410 | 410
  • ENTERPRISE | 420 | 420
  • ENTERPRISE | 430 | 430
  • SBOP BI PLATFORM SERVERS 4.1 | SP012 | 000300
  • SBOP BI PLATFORM SERVERS 4.2 | SP006 | 001300
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000900
  • SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000
  • SBOP BI PLATFORM SERVERS 4.3 | SP000 | 000000

Affected component

    BI-BIP-INV
    InfoView, BI launch pad

CVSS

Score: 6.4
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2878507

TAGS

#Information-disclosure.-Password-visibility
#Logon
#Encryption
#display
#CMC
#InfoView
#BI-Launchpad
#Open-redirect
#Cross-site-redirect
#Cross-domain-redirect
#Content-spoofing
#trust-relationship
#XSS
#Stored-XSS
#DOM-based-XSS
#CSS
#Reflected-XSS

Explore More

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.