Skip links

CVE-2020-6189 Information Disclosure in SAP BusinessObjects BI Central Management Console, SAP security note 2695210

Description

Under certain conditions, Central Management Console allows an attacker to access certain enterprise private-network related information which would otherwise be restricted.

Some well-known impacts of Information Disclosure are –

  • loss of information and system configuration confidentiality
  • information gathering for further exploits and attacks 

Available fix and Supported packages

  • ENTERPRISE | 420 | 420
  • SBOP BI PLATFORM SERVERS 4.2 | SP004 | 000012
  • SBOP BI PLATFORM SERVERS 4.2 | SP005 | 000700
  • SBOP BI PLATFORM SERVERS 4.2 | SP006 | 000300
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000700
  • SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000
  • SBOP BI PLATFORM SERVERS 4.3 | SP000 | 000000

Affected component

    BI-RA-WBI-FE-HTM
    HTML Front End

CVSS

Score: 5.3
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2695210

TAGS

#Information-Exposure
#Information-Leak
#&160-CVE-2020-6189