Description

SAP BO BIP allows an unauthenticated attacker to send arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (Server-side request forgery) attacks on the server.

Remediation

Upgrade to the latest version of SAP BO BIP

References

CVE-2020-6308

Related Vulnerabilities

XML external entity injection

Apache Shiro Deserialization RCE

WordPress Plugin Mapplic-Custom Interactive Map Server-Side Request Forgery (6.1)

SAML Consumer Service External Dereference SSRF

WordPress 5.1.x Multiple Vulnerabilities (5.1 - 5.1.2)

Severity

Medium

Classification

CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Acumonitor SSRF