cnvd - cnvd-2021-03712

cnvd-2021-03712

Vulnerability from cnvd

Title: SAP BusinessObjects Business Intelligence Platform跨站请求伪造漏洞

Description:

SAP BusinessObjects Business Intelligence Platform是德国思爱普（SAP）公司的一套商务智能软件和企业绩效解决方案套件。该产品具有报告生成、分析、数据可视化等功能。

SAP BusinessObjects Business Intelligence Platform (Web Services) 410、420和430版本存在跨站请求伪造漏洞。未经身份认证的攻击者可通过注入任意值作为CMS参数利用该漏洞扫描内部网络确定内部基础结构，并收集信息以进行进一步的攻击，如远程文件包含，检索服务器文件，绕过防火墙并迫使存在漏洞的服务器执行恶意请求。

Severity: 中

Patch Name: SAP BusinessObjects Business Intelligence Platform跨站请求伪造漏洞的补丁

Patch Description:

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196

Reference: https://nvd.nist.gov/vuln/detail/CVE-2020-6308

Impacted products

Name
['SAP SAP BusinessObjects Business Intelligence Platform 410', 'SAP SAP BusinessObjects Business Intelligence Platform 420', 'SAP SAP BusinessObjects Business Intelligence Platform 430']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-6308",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-6308"
    }
  },
  "description": "SAP BusinessObjects Business Intelligence Platform\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u5546\u52a1\u667a\u80fd\u8f6f\u4ef6\u548c\u4f01\u4e1a\u7ee9\u6548\u89e3\u51b3\u65b9\u6848\u5957\u4ef6\u3002\u8be5\u4ea7\u54c1\u5177\u6709\u62a5\u544a\u751f\u6210\u3001\u5206\u6790\u3001\u6570\u636e\u53ef\u89c6\u5316\u7b49\u529f\u80fd\u3002\n\nSAP BusinessObjects Business Intelligence Platform (Web Services) 410\u3001420\u548c430\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6ce8\u5165\u4efb\u610f\u503c\u4f5c\u4e3aCMS\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u626b\u63cf\u5185\u90e8\u7f51\u7edc\u786e\u5b9a\u5185\u90e8\u57fa\u7840\u7ed3\u6784\uff0c\u5e76\u6536\u96c6\u4fe1\u606f\u4ee5\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\uff0c\u5982\u8fdc\u7a0b\u6587\u4ef6\u5305\u542b\uff0c\u68c0\u7d22\u670d\u52a1\u5668\u6587\u4ef6\uff0c\u7ed5\u8fc7\u9632\u706b\u5899\u5e76\u8feb\u4f7f\u5b58\u5728\u6f0f\u6d1e\u7684\u670d\u52a1\u5668\u6267\u884c\u6076\u610f\u8bf7\u6c42\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1ahttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-03712",
  "openTime": "2021-01-18",
  "patchDescription": "SAP BusinessObjects Business Intelligence Platform\u662f\u5fb7\u56fd\u601d\u7231\u666e\uff08SAP\uff09\u516c\u53f8\u7684\u4e00\u5957\u5546\u52a1\u667a\u80fd\u8f6f\u4ef6\u548c\u4f01\u4e1a\u7ee9\u6548\u89e3\u51b3\u65b9\u6848\u5957\u4ef6\u3002\u8be5\u4ea7\u54c1\u5177\u6709\u62a5\u544a\u751f\u6210\u3001\u5206\u6790\u3001\u6570\u636e\u53ef\u89c6\u5316\u7b49\u529f\u80fd\u3002\r\n\r\nSAP BusinessObjects Business Intelligence Platform (Web Services) 410\u3001420\u548c430\u7248\u672c\u5b58\u5728\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u3002\u672a\u7ecf\u8eab\u4efd\u8ba4\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u901a\u8fc7\u6ce8\u5165\u4efb\u610f\u503c\u4f5c\u4e3aCMS\u53c2\u6570\u5229\u7528\u8be5\u6f0f\u6d1e\u626b\u63cf\u5185\u90e8\u7f51\u7edc\u786e\u5b9a\u5185\u90e8\u57fa\u7840\u7ed3\u6784\uff0c\u5e76\u6536\u96c6\u4fe1\u606f\u4ee5\u8fdb\u884c\u8fdb\u4e00\u6b65\u7684\u653b\u51fb\uff0c\u5982\u8fdc\u7a0b\u6587\u4ef6\u5305\u542b\uff0c\u68c0\u7d22\u670d\u52a1\u5668\u6587\u4ef6\uff0c\u7ed5\u8fc7\u9632\u706b\u5899\u5e76\u8feb\u4f7f\u5b58\u5728\u6f0f\u6d1e\u7684\u670d\u52a1\u5668\u6267\u884c\u6076\u610f\u8bf7\u6c42\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "SAP BusinessObjects Business Intelligence Platform\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "SAP SAP BusinessObjects Business Intelligence Platform 410",
      "SAP SAP BusinessObjects Business Intelligence Platform 420",
      "SAP SAP BusinessObjects Business Intelligence Platform 430"
    ]
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-6308",
  "serverity": "\u4e2d",
  "submitTime": "2020-10-28",
  "title": "SAP BusinessObjects Business Intelligence Platform\u8de8\u7ad9\u8bf7\u6c42\u4f2a\u9020\u6f0f\u6d1e"
}

CVE-2020-6308 (GCVE-0-2020-6308)

Vulnerability from cvelistv5

Published

2020-10-20 13:31

Modified

2024-08-04 08:55

Severity ?

5.3 (Medium) - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CWE

Server-Side Request Forgery

Summary

SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.

References

▼	URL	Tags
	https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196	x_refsource_MISC
	https://launchpad.support.sap.com/#/notes/2943844	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	SAP SE	SAP BusinessObjects Business Intelligence Platform (Web Services)	Version: < 410 Version: < 420 Version: < 430

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T08:55:22.240Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://launchpad.support.sap.com/#/notes/2943844"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "SAP BusinessObjects Business Intelligence Platform (Web Services)",
          "vendor": "SAP SE",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 410"
            },
            {
              "status": "affected",
              "version": "\u003c 420"
            },
            {
              "status": "affected",
              "version": "\u003c 430"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability."
        }
      ],
      "metrics": [
        {
          "cvssV3_0": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Server-Side Request Forgery",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-10-20T13:31:10",
        "orgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
        "shortName": "sap"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://launchpad.support.sap.com/#/notes/2943844"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cna@sap.com",
          "ID": "CVE-2020-6308",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "SAP BusinessObjects Business Intelligence Platform (Web Services)",
                      "version": {
                        "version_data": [
                          {
                            "version_name": "\u003c",
                            "version_value": "410"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "420"
                          },
                          {
                            "version_name": "\u003c",
                            "version_value": "430"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "SAP SE"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "SAP BusinessObjects Business Intelligence Platform (Web Services) versions - 410, 420, 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network which is otherwise not accessible externally. On successful exploitation, attacker can scan internal network to determine internal infrastructure and gather information for further attacks like remote file inclusion, retrieve server files, bypass firewall and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability."
            }
          ]
        },
        "impact": {
          "cvss": {
            "baseScore": "5.3",
            "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
            "version": "3.0"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Server-Side Request Forgery"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
              "refsource": "MISC",
              "url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
            },
            {
              "name": "https://launchpad.support.sap.com/#/notes/2943844",
              "refsource": "MISC",
              "url": "https://launchpad.support.sap.com/#/notes/2943844"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "e4686d1a-f260-4930-ac4c-2f5c992778dd",
    "assignerShortName": "sap",
    "cveId": "CVE-2020-6308",
    "datePublished": "2020-10-20T13:31:10",
    "dateReserved": "2020-01-08T00:00:00",
    "dateUpdated": "2024-08-04T08:55:22.240Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted