CVE-2020-6288 is a vulnerability in SAP Businessobjects Business Intelligence Platform
Published on September 9, 2020
SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface) allows an attacker with edit document rights to upload any file (including script files) without proper file format validation, leading to an unrestricted upload of file with dangerous type vulnerability. The attacker can modify some formulas and display erroneous content. The server is not affected; only the current user's browser session is, and that session can easily be closed.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2020-6288 has been classified as an Unrestricted File Upload vulnerability or weakness.
Products Associated with CVE-2020-6288
Affected Versions
SAP SE SAP Business Objects Business Intelligence Platform (Web Intelligence HTML interface):
- Version < 4.1 is affected.
- Version < 4.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.