CVE-2020-6196 Denial of service (DoS) in SAP BusinessObjects Mobile (MobileBIService), SAP security note 2826782
Description
SAP BusinessObjects Mobile (MobileBIService) allows an unauthenticated attacker to send requests carrying a specially crafted payload to some endpoints, which could overload the impacted servlet and render it unresponsive. This causes a denial of service and prevents legitimate users from accessing the impacted component until it is explicitly restarted.
Available fix and Supported packages
- ENTERPRISE | 420 | 420
- SBOP BI PLATFORM SERVERS 4.2 | SP006 | 001100
- SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000600
- SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000
Affected component
- MOB-APP-BI-SRV (Mobile BI Server)
CVSS
Score: 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploit
Exploit is not available.
URL
https://launchpad.support.sap.com/#/notes/2826782