Published: 12/05/2020 Updated: 06/10/2022

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9

VMScore: 668

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Subscribe to Businessobjects Business Intelligence Platform

SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an malicious user to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.

Vulnerable Product	Search on Vulmon	Subscribe to Product
sap businessobjects business intelligence platform 1.0
sap businessobjects business intelligence platform 2.0
sap businessobjects business intelligence platform 2.1
sap businessobjects business intelligence platform 2.2
sap businessobjects business intelligence platform 2.3

Sadly, 111 in this story isn't binary. It's decimal. It's the number of security fixes emitted by Microsoft this week

The Register • Shaun Nichols in San Francisco • 13 May 2020

Nothing too scary. Plus updates from SAP, Adobe, VMware One malicious MMS is all it takes to pwn a Samsung smartphone: Bug squashed amid Android patch batch

Patch Tuesday The May edition of Patch Tuesday landed this week. And there are scores of security fixes to install. A total of 111 fixes were released by Microsoft, though on the bright side none are being actively exploited, as far as we know. Sixteen earned Microsoft's top rating of critical, and range from remote code execution to elevation of privilege. One standout programming blunder was CVE-2020-1067, a remote-code execution (RCE) vulnerability in all supported versions of Windows. Anyone...

CVE-2020-6242

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect