Description
SAP BO BIP allows an unauthenticated attacker to send arbitrary values as CMS parameters in order to perform lookups on the internal network, which is otherwise not accessible externally. An attacker may use this feature to perform server-side request forgery (SSRF) attacks on the server.
Remediation
Upgrade to the latest version of SAP BO BIP.