Skip links
Vahagn Vardanian

Vahagn Vardanian

Co-founder and CTO of RedRays

CVE-2020-6325 Multiple Vulnerabilities in SAP BusinessObjects Business Intelligence Platform, SAP security note 2930128

Description

This SAP Security Note addresses several vulnerabilities identified in SAP BusinessObjects Business Intelligence Platform. The vulnerability details along with their CVE relevant information can be found below.

Cross-Site Scripting (XSS) vulnerability : 

BI Workspace does not sufficiently encode user controlled inputs, resulting in Reflected Cross-Site Scripting (XSS) vulnerability. Privileges are required to login to the application and craft malicious urls required to exploit this vulnerability.

An attacker exploiting this XSS vulnerability could have impacts on : Confidentiality such as theft of user authentication information including data related to the user’s current session. This could result in user impersonation and access to information with the same rights as the targeted use. Another impact is Integrity such as non-permanent defacing or modification of displayed content.

  • CVE-2020-6325
  • CVSS: 5.4; CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Cross-Site Scripting (XSS) vulnerability : 

Stored Cross Site Scripting is possible in Web Intelligence HTML interface of Bi platform. An attacker with a non-administrative user account, that can edit certain web page properties, can modify how a browser processes particular page elements.  In certain situations, when a user accesses an affected web page element, the attacker will be able to access or modify metadata for which they are not authorized.

  • CVE-2020-6312
  • CVSS: 5.4; CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Unrestricted File Upload vulnerability : 

Web Intelligence HTML interface of Business Intelligence Platform allows an attacker with edit document rights to upload any file (including script files) without proper file format validation. When a victim displays the malicious file inside a browser over network (XSS) the attacker will be able to get data that is accessible to the victim user. Data stored in the database cannot be overwritten. In the worst case, the attacker can modify some formulas and display erroneous content. The server is not affected only the current user browser, that can easily closed.

  • CVE-2020-6288
  • CVSS: 4.6; CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

Available fix and Supported packages

  • ENTERPRISE | 410 | 410
  • ENTERPRISE | 420 | 420
  • SBOP BI PLATFORM SERVERS 4.1 | SP012 | 000800
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 001200
  • SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000400
  • SBOP BI PLATFORM SERVERS 4.2 | SP009 | 000000

Affected component

    BI-BIP-BIW
    BI Workspaces (Dashboard Builder)

CVSS

Score: 5.4
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

PoC

Detailed vulnerability information added to RedRays Security Platform. Contact [email protected] for details.

URL

https://launchpad.support.sap.com/#/notes/2930128

TAGS

#XSS
#Reflected&160-XSS
#&160-CSS&65279
#&160-CVE-2020-6325
#Stored-XSS
#WebI
#&160-CVE-2020-6312
#Upload-of-untrusted-files
#File-upload-vulnerability
#CVE-2020-6288

More to explorer

Special offer for SAP Security Udemy course!

$ 9.99

Join “SAP Security Core Concepts and Security Administration” which is part of the Blackhat course series.