Exploit for #VU48661 Server-Side Request Forgery (SSRF) in SAP BusinessObjects Business Intelligence suite

Published: 2020-11-26 | Updated: 2024-08-16

Vulnerability identifier: #VU48661

Vulnerability risk: Medium

CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:L/SI:N/SA:N/E:P/U:Green]

CVE-ID: CVE-2020-6308

CWE-ID: CWE-918

Exploitation vector: Network

Exploits in database: 6

August 16, 2024
- sap_bo_launchpad-ssrf-timing_attack (This script exploits and performs an SSRF (Server-Side Request Forgery) and Timing Attack against the SAP BusinessObjects Launchpad (CVE-2020-6308). It attempts to determine the status of various ports on a target IP a [Github]
August 25, 2021
- CVE-2020-6308 (Exploit script for SAP Business Objects SSRF) [Github]
February 9, 2021
- CVE-2020-6308-mass-exploiter (CVE-2020-6308 mass exploiter/fuzzer.) [Github]
December 28, 2020
- CVE-2020-6308-PoC (PoC CVE-2020-6308) [Github]
- CVE-2020-6308 (PoC CVE-2020-6308) [Github]
November 26, 2020
- CVE-2020-6308-mass-exploiter (CVE-2020-6308 mass exploiter/fuzzer.) [Github]

Vulnerable software:
SAP BusinessObjects Business Intelligence suite
Server applications / Other server solutions

Vendor: SAP