Описание
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.1, 2.2, 2.3, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
Ссылки
- Permissions Required
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
- Permissions Required
- Broken LinkVendor Advisory
- Broken LinkVendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:1.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.0:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.1:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.2:*:*:*:*:*:*:*
cpe:2.3:a:sap:businessobjects_business_intelligence_platform:2.3:*:*:*:*:*:*:*
EPSS
Процентиль: 45%
0.00229
Низкий
9.8 Critical
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-306
Связанные уязвимости
CVSS3: 9.8
github
больше 3 лет назад
SAP Business Objects Business Intelligence Platform (Live Data Connect), versions 1.0, 2.0, 2.x, allows an attacker to logon on the Central Management Console without password in case of the BIPRWS application server was not protected with some specific certificate, leading to Missing Authentication Check.
EPSS
Процентиль: 45%
0.00229
Низкий
9.8 Critical
CVSS3
9.8 Critical
CVSS3
7.5 High
CVSS2
Дефекты
CWE-306