SAP Business Objects Business Intelligence Platform (Crystal Reports), versions 4.1 and 4.2, allows an attacker with basic authorization to inject code that can be executed by the application, thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.
References
| Link | Resource |
|---|---|
| https://launchpad.support.sap.com/#/notes/2861301 | Permissions Required |
| https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=540935305 | Vendor Advisory |
| https://www.zerodayinitiative.com/advisories/ZDI-20-291/ | Third Party Advisory, VDB Entry |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2020-03-10T20:20:44
Updated: 2020-03-12T15:06:06
Reserved: 2020-01-08T00:00:00
Link: CVE-2020-6208
NVD Information
Status : Analyzed
Published: 2020-03-10T21:15:14.903
Modified: 2021-07-21T11:39:23.747
Link: CVE-2020-6208
Redhat Information
No data.
CWE