{"cve":{"cve_id":"CVE-2020-6245","is_kev":false,"kev_date_added":null,"kev_vendor_project":null,"kev_product":null,"kev_vulnerability_name":null,"kev_short_description":null,"kev_required_action":null,"kev_due_date":null,"kev_known_ransomware":null,"kev_notes":null,"kev_cwes":null,"epss_score":0.00335,"epss_percentile":0.25202,"epss_as_of":"2026-06-23","description":"SAP Business Objects Business Intelligence Platform, version 4.2, allows an attacker with access to local instance, to inject file or code that can be executed by the application due to Improper Control of Resource Identifiers.","published_at":"2020-05-12T17:49:07Z","last_modified_at":null,"cvss_v3_score":6.5,"cvss_v3_vector":"CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H","cvss_v3_severity":"MEDIUM","cvss_v4_score":null,"cvss_v4_vector":null,"cvss_v4_severity":null,"ssvc_decision":null,"ssvc_exploitation":null,"ssvc_automatable":null,"ssvc_technical_impact":null,"cwes":["CWE-99"],"nvd_references":["https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222","https://launchpad.support.sap.com/#/notes/2828558"],"vuln_status":null,"trending_score":null,"is_trending":false,"has_trended":false,"trended_number_one":false,"trending_peak_score":null,"trending_peak_rank":null,"started_trending_at":null,"trended_number_one_at":null,"summary_generated":null,"summary_generated_at":null,"summary_model":null,"created_at":"2026-06-24T00:09:39.878444Z","updated_at":"2026-06-28T23:14:28.790014Z"},"effective_severity":"MEDIUM","badges":[],"impact_analysis":[],"cvss_v3_decoded":{"version":"3.0","metrics":[{"metric":"AV","name":"Attack Vector","value":"L","value_label":"Local"},{"metric":"AC","name":"Attack Complexity","value":"L","value_label":"Low"},{"metric":"PR","name":"Privileges Required","value":"H","value_label":"High"},{"metric":"UI","name":"User Interaction","value":"R","value_label":"Required"},{"metric":"S","name":"Scope","value":"U","value_label":"Unchanged"},{"metric":"C","name":"Confidentiality","value":"H","value_label":"High"},{"metric":"I","name":"Integrity","value":"H","value_label":"High"},{"metric":"A","name":"Availability","value":"H","value_label":"High"}]},"cvss_v4_decoded":{"version":null,"metrics":[]},"affected":[{"vendor_slug":"sap-se","vendor_name":"SAP_SE","product_slug":"sap-business-objects-business-intelligence-platform","product_name":"SAP Business Objects Business Intelligence Platform","version_start":"< 4.2","version_start_inclusive":true,"version_end":"< 4.2","version_end_inclusive":true,"cpe23_uri":"cve5:sap-se:sap-business-objects-business-intelligence-platform:< 4.2:< 4.2"}],"exploit_refs":[],"news":[],"references":[{"url":"https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=545396222","source_type":"MISC","tags":[]},{"url":"https://launchpad.support.sap.com/#/notes/2828558","source_type":"MISC","tags":[]}],"timeline":[{"type":"published","at":"2020-05-12T17:49:07Z","label":"CVE published","source":null},{"type":"cvss_changed","at":"2026-06-28T17:04:16.083777Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:04:16.083777Z","label":"CVSS score revised","source":"cvelistv5"},{"type":"cvss_changed","at":"2026-06-28T17:04:16.083777Z","label":"CVSS score revised","source":"cvelistv5"}]}