WEB APPLICATION VULNERABILITIES Standard & Premium

SAP BO BIP SSRF (CVE-2020-6308)

Description

SAP BO BIP allows an unauthenticated attacker to send arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (Server-side request forgery) attacks on the server.

Remediation

Upgrade to the latest version of SAP BO BIP

References

Related Vulnerabilities

MySQL CVE-2020-14619 Vulnerability (CVE-2020-14619)

Magento Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2020-3717)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-35478)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2020-13666)

Dolibarr Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2019-17576)

Severity

Medium

Classification

CVE-2020-6308 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Acumonitor SSRF Known Vulnerabilities