HTTP: SAP BusinessObjects Business Intelligence Platform Request Forgery

This signature detects attempts to exploit a known vulnerability against SAP BusinessObjects Business Intelligence Platform. A successful attack can lead to sensitive information disclosure.

Extended Description

SAP BusinessObjects Business Intelligence Platform (Web Services), versions 410, 420 and 430, allows an unauthenticated attacker to inject arbitrary values as CMS parameters to perform lookups on the internal network, which is otherwise not accessible externally. On successful exploitation, an attacker can scan the internal network to determine internal infrastructure and gather information for further attacks such as remote file inclusion, retrieve server files, bypass the firewall, and force the vulnerable server to perform malicious requests, resulting in a Server-Side Request Forgery vulnerability.

Affected Products

Sap businessobjects_business_intelligence_platform

References

CVE: CVE-2020-6308

Short Name
HTTP:CTS:SAP-BUSINESS-BSSRF
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Business BusinessObjects CVE-2020-6308 Forgery Intelligence Platform Request SAP
Release Date
02/24/2025
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3785
False Positive
Unknown
Vendors

Sap
