CVE-2020-6223

EPSS 0.22%
Veröffentlicht 14.04.2020 19:15:17
Zuletzt bearbeitet 21.11.2024 05:35:19
Quelle cna@sap.com
CVE-Watchlists
Login
Unerledigt
Login

The open document of SAP Business Objects Business Intelligence Platform, versions 4.1, 4.2, allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application, leading to Content Spoofing.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

SAP ≫ Businessobjects Business Intelligence Platform Version4.1 Update-

SAP ≫ Businessobjects Business Intelligence Platform Version4.2 Update-

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.22%	0.442

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.1	2.8	2.7	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd@nist.gov	5.8	8.6	4.9	AV:N/AC:M/Au:N/C:P/I:P/A:N
cna@sap.com	6.1	2.8	2.7	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

The web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Vendor Advisory

https://launchpad.support.sap.com/#/notes/2878507

Vendor Advisory

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2020-6223

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-6223

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-6223

EUVD