Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-6219

SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.

Published

2020-04-14T19:15:17.250

Last Modified

2024-11-21T05:35:19.490

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Secondary
    CWE-502
  • Type: Primary
    CWE-502
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application sap businessobjects_business_intelligence_platform 4.1 Yes
Application sap businessobjects_business_intelligence_platform 4.2 Yes
Application sap crystal_reports_for_visual_studio 2010 Yes
References