CVE-2020-6300 — MEDIUM (4.8)

Vulnerability Description

SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to a different end user (victim), as it does not sufficiently encode user-controlled inputs for RecycleBin, resulting in Stored Cross-Site Scripting (XSS) vulnerability.

CVSS Score

4.8

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality

LOW

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Sap	Businessobjects Business Intelligence Platform	4.2

Related Weaknesses (CWE)

CWE-79

References

https://launchpad.support.sap.com/#/notes/2925827Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345Vendor Advisory
https://launchpad.support.sap.com/#/notes/2925827Permissions Required
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=552603345Vendor Advisory

FAQ

What is CVE-2020-6300?

CVE-2020-6300 is a vulnerability with a CVSS score of 4.8 (MEDIUM). SAP Business Objects Business Intelligence Platform (Central Management Console), versions- 4.2, 4.3, allows an attacker with administrator rights can use the web application to send malicious code to...

How severe is CVE-2020-6300?

CVE-2020-6300 has been rated MEDIUM with a CVSS base score of 4.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-6300?

Check the references section above for vendor advisories and patch information. Affected products include: Sap Businessobjects Business Intelligence Platform.