CVE-2020-6223 Information

Description

The open document of SAP Business Objects Business Intelligence Platform versions 4.1 4.2 allows an attacker to modify certain error pages to include malicious content. This can misdirect a user who is tricked into accessing these error pages rendered by the application leading to Content Spoofing.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Reference

https://launchpad.support.sap.com//notes/2878507 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=544214202

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

CHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.1