Description
This SAP Security Note addresses several vulnerabilities identified in SAP Business Objects Business Intelligence Platform. The vulnerability details along with their CVE relevant information can be found below.
Information Disclosure :
The vulnerability is identified in BILaunchpad/CMC. Passwords submitted to the application are returned in clear form in later responses from the application.
- CVE-2020-6195
- CVSS: 6.4; CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
URL Redirection :
AdminTools of SAP BI allows an attacker to redirect users to a malicious site due to insufficient URL validation.
- CVE-2020-6211
- CVSS: 6.1; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Some well-known impacts of URL Redirection vulnerability are –
- Phishing attacks to steal credentials of the victim
- Redirect users to untrusted webpages containing malware or similar malicious exploits.
Content Spoofing :
The open document area allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application.
- CVE-2020-6223
- CVSS: 6.1; CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
XSS :
The below mentioned applications do not sufficiently encode user-controlled inputs resulting in respective XSS issues. The individual CVSS scores and CVEs of the vulnerabilities can be found below.
Stored & Reflected XSS : Web Intelligence HTML interface
- CVE-2020-6221
- CVSS: 5.4; CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Information Disclosure : AdminTools/Query Builder
- CVE-2020-6218
- CVSS: 5.0; CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Reflected XSS : SAP BusinessObjects BI and CMC
- CVE-2020-6220
- CVSS: 4.4; CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
Impacts of XSS:
- Non-permanently deface or modify displayed content from a Web site
- Steal authenticated information of the user, such as data relating to his or her current session
- Impersonate the user and access all information with the same rights as the target user
Available fix and Supported packages
- ENTERPRISE | 410 | 410
- ENTERPRISE | 420 | 420
- ENTERPRISE | 430 | 430
- SBOP BI PLATFORM SERVERS 4.1 | SP012 | 000300
- SBOP BI PLATFORM SERVERS 4.2 | SP006 | 001300
- SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000900
- SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000
- SBOP BI PLATFORM SERVERS 4.3 | SP000 | 000000
Affected component
- BI-BIP-INV
InfoView, BI launch pad
CVSS
Score: 6.4
CVSS:3.0/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
PoC
Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.
URL
https://launchpad.support.sap.com/#/notes/2878507