Cleartext Transmission of Sensitive Information

CVE-2020-6195

High

9.8/10

Summary

SAP Business Objects Business Intelligence Platform (CMC), version 4.1, 4.2, shows cleartext password in the response, leading to Information Disclosure. It involves social engineering in order to gain access to system and If password is known, it would give administrative rights to the attacker to read/modify delete the data and rights within the system.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-319 - Cleartext Transmission of Sensitive Information

The software transmits sensitive or security-critical data in cleartext in a communication channel that can be sniffed by unauthorized actors.

References

Advisory Timeline

Published Apr 14, 2020

Cleartext Transmission of Sensitive Information

CVE-2020-6195

Summary

CWE-319 - Cleartext Transmission of Sensitive Information

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS