CVE-2020-6208

HIGH Year: 2020
CVSS v3 Score
7.5
High
CVSS v2 Score
4.4
Medium
Weakness Type
CWE-416
View all →

Vulnerability Description

SAP Business Objects Business Intelligence Platform (Crystal Reports), versions- 4.1, 4.2, allows an attacker with basic authorization to inject code that can be executed by the application and thus allowing the attacker to control the behaviour of the application, leading to Remote Code Execution. Although the mode of attack is only Local, multiple applications can be impacted as a result of the vulnerability.

Related Vulnerabilities

CVE-2006-4434

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced....

CWE-4162006

CVE-2006-4997

HIGH
CVSS:7.5(High)

The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access th...

CWE-4162006

CVE-2009-3553

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote att...

CWE-4162009

CVE-2010-0302

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll...

CWE-4162010

CVE-2010-4168

HIGH
CVSS:7.5(High)

Multiple use-after-free vulnerabilities in OpenTTD 1.0.x before 1.0.5 allow (1) remote attackers to cause a denial of service (invalid write and daemon crash) by abruptly disconnecting during transmis...

CWE-4162010

CVE-2015-3890

HIGH
CVSS:7.5(High)

Use-after-free vulnerability in Open Litespeed before 1.3.10.

CWE-4162015