CVE-2020-6208

CVSS 7.5 HIGHEPSS 1.1%

Vexday Risk Score

21Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 7.5EPSS 1.1%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

10 Mar 2020Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.

CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H

Affected products

SAP SE · SAP Business Objects Business Intelligence Platform (Crystal Reports)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://launchpad.support.sap.com/#/notes/2861301 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 https://www.zerodayinitiative.com/advisories/ZDI-20-291/