Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2020-6196 Denial of service (DoS) in SAP BusinessObjects Mobile (MobileBIService), SAP security note 2826782

Description

SAP BusinessObjects Mobile (MobileBIService) allows an unauthenticated attacker to send requests with a specially crafted payload to some endpoints, which can overload the impacted servlet and render it unresponsive. This causes a denial of service and prevents legitimate users from accessing the impacted component until it is explicitly restarted.

Available fix and Supported packages

  • ENTERPRISE | 420 | 420
  • SBOP BI PLATFORM SERVERS 4.2 | SP006 | 001100
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000600
  • SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000
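
The fix list above can be turned into a patch-level check over an inventory of BI platform servers. This is an added example, not code from RedRays or SAP; it assumes the columns mean software component, support package and lowest patch level containing the fix, that support packages after SP008 carry the fix forward, and it uses a constructed inventory with made-up host names.

```python
import re

# Rows copied from the fix list above. Assumed column meaning:
# software component | support package | lowest patch level with the fix.
FIX_ROWS = """\
ENTERPRISE | 420 | 420
SBOP BI PLATFORM SERVERS 4.2 | SP006 | 001100
SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000600
SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000
"""

def parse_fix_rows(text):
    """Return {sp_number: min_patch_level}; rows without an SPnnn field are skipped."""
    fixes = {}
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("|")]
        if len(parts) == 3:
            m = re.fullmatch(r"SP(\d+)", parts[1])
            if m and parts[2].isdigit():
                fixes[int(m.group(1))] = int(parts[2])
    return fixes

def assess(sp, patch_level, fixes):
    """Classify one installed SP / patch level pair against the fix table."""
    m = re.fullmatch(r"SP(\d+)", sp.strip().upper())
    if not m or not patch_level.strip().isdigit():
        return "unparsed"
    sp_num, patch = int(m.group(1)), int(patch_level)
    if sp_num > max(fixes):
        return "fixed"            # assumption: later SPs carry the fix forward
    if sp_num not in fixes:
        return "no-fix-listed"    # SP has no patch in the note: plan an SP upgrade
    return "fixed" if patch >= fixes[sp_num] else "vulnerable"

# Constructed inventory: (host, installed SP, installed patch level).
INVENTORY = [
    ("bi-prod-01", "SP006", "000900"),
    ("bi-prod-02", "SP007", "000600"),
    ("bi-test-01", "SP005", "001400"),
    ("bi-dev-01", "sp009", "000100"),
    ("bi-dev-02", "4.2", ""),
]

def audit(inventory, fix_text=FIX_ROWS):
    """Map each host to its status against the parsed fix table."""
    fixes = parse_fix_rows(fix_text)
    return {host: assess(sp, pl, fixes) for host, sp, pl in inventory}

if __name__ == "__main__":
    for host, status in audit(INVENTORY).items():
        print(f"{host}: {status}")
```

Hosts reported as `vulnerable` or `no-fix-listed` are the ones where the unauthenticated servlet overload remains reachable until the patch or support package from the note is applied.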

Affected component

    MOB-APP-BI-SRV
    Mobile BI Server

CVSS

Score: 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

PoC

Detailed vulnerability information has been added to the RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2826782

TAGS

#DoS
#MobileBIService
#SAP-BusinessObjects-Mobile
#CVE-2020-6196
