CVE-2020-6219 CRITICAL

CVE-2020-6219

Vendor Sap Se
Product SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer)
Weakness CWE-502 · Unsafe deserialization
Published April 14, 2020
Last update August 4, 2024
View on NVD All CVEs

CVSS base score

9.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:H

What the vulnerability does

01Description

SAP Business Objects Business Intelligence Platform (CrystalReports WebForm Viewer), versions 4.1, 4.2, and Crystal Reports for VS version 2010, allows an attacker with basic authorization to perform deserialization attack in the application, leading to service interruptions and denial of service and unauthorized execution of arbitrary commands, leading to Deserialization of Untrusted Data.

Key dates

02Disclosure timeline

April 14, 2020 CVE published
August 4, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-32897 Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server CVE-2025-47532 WordPress CoinPayments.net Payment Gateway for WooCommerce plugin <= 1.0.17 - PHP Object Injection Vulnerability CVE-2026-40858 Apache Camel: Camel-Infinispan: Unsafe Deserialization in Remote Aggregation Repository CVE-2025-53584 WordPress WP Ticket Customer Service Software & Support Ticket System Plugin <= 6.0.2 - PHP Object Injection Vulnerability CVE-2025-2939 Ninja Tables – Easy Data Table Builder <= 5.0.18 - Unauthenticated PHP Object Injection to Limited Remote Code Execution