Vulnerabilities > CVE-2020-6219 - Deserialization of Untrusted Data vulnerability in SAP products

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

sap

CWE-502

NVD

Published: 2020-04-14

Updated: 2020-04-15

Summary

SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.

Vulnerable Configurations

Part	Description	Count
Application	Sap SAP Businessobjects Business Intelligence Platform 4.1 SAP Businessobjects Business Intelligence Platform 4.2 SAP Crystal Reports FOR Visual Studio 2010	3

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References