Skip links

CVE-2020-6196 Denial of service (DOS) in SAP BusinessObjects Mobile (MobileBIService), SAP security note 2826782

Description

SAP BusinessObjects Mobile (MobileBIService) allows an unauthenticated attacker using specially-crafted payload to send requests to some endpoints that could overload the impacted servlet and render it unresponsive. This causes a denial of service situation and prevents legitimate users from accessing the impacted component, until it is explicitly restarted.

Available fix and Supported packages

  • ENTERPRISE | 420 | 420
  • SBOP BI PLATFORM SERVERS 4.2 | SP006 | 001100
  • SBOP BI PLATFORM SERVERS 4.2 | SP007 | 000600
  • SBOP BI PLATFORM SERVERS 4.2 | SP008 | 000000

Affected component

    MOB-APP-BI-SRV
    Mobile BI Server

CVSS

Score: 7.5
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploit

Exploit is not available.
For detailed information please contact the mail [email protected]

URL

https://launchpad.support.sap.com/#/notes/2826782

TAGS

#DoS
#MobileBIService
#SAP-BusinessObjects-Mobile
#CVE-2020-6196