CVE-2020-6219 Information

Description

SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1 and 4.2, and Crystal Reports for VS, version 2010, allow an attacker with basic authorization to perform a deserialization attack in the application, leading to service interruptions, denial of service, and unauthorized execution of arbitrary commands (Deserialization of Untrusted Data).

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://launchpad.support.sap.com//notes/2863731

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
