9.6
CVE-2020-26831
- EPSS 0.62%
- Veröffentlicht 09.12.2020 17:15:31
- Zuletzt bearbeitet 21.11.2024 05:20:21
- Quelle cna@sap.com
- Teams Watchlist Login
- Unerledigt Login
SAP BusinessObjects BI Platform (Crystal Report), versions - 4.1, 4.2, 4.3, does not sufficiently validate uploaded XML entities during crystal report generation due to missing XML validation, An attacker with basic privileges can inject some arbitrary XML entities leading to internal file disclosure, internal directories disclosure, Server-Side Request Forgery (SSRF) and denial-of-service (DoS).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
SAP ≫ Businessobjects Business Intelligence Platform Version4.1 Update-
SAP ≫ Businessobjects Business Intelligence Platform Version4.2 Update-
SAP ≫ Businessobjects Business Intelligence Platform Version4.3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.62% | 0.674 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.6 | 3.1 | 5.8 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
|
| nvd@nist.gov | 5.5 | 8 | 4.9 |
AV:N/AC:L/Au:S/C:P/I:N/A:P
|
| cna@sap.com | 9.6 | 3.1 | 5.8 |
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
|