on 08-26-2020 2:32 PM
We are using the SAP BusinessObjects Business Intelligence client version 4.1 application whose main purpose is to provide reports for BMC Truesight Tool users. However, there is a vulnerability detected for the Apache Tomcat component of this application by the Qualys Scanning Tool.
Vulnerability details below.
CVE ID: CVE-2020-13935
Vulnerability name: Apache Tomcat WebSocket Denial of Service Vulnerability
Port on which vulnerability is detected: 8080
Server OS: Windows Server 2012 R2 Datacenter 64 bit Edition
I generally understand from a few blogs that this vulnerability can be remediated by upgrading Tomcat to a non-vulnerable version. However, it would be good if the SAP community could help me remediate this vulnerability with detailed steps.
Thanks and Regards,
Karthik Vijayan
SAP BusinessObjects Business Intelligence Platform is not subject to this CVE.
See KBA 2498770 - Tomcat vulnerabilities (CVE-*) NOT impacting SAP BusinessObjects Business Intelligence Platform XI 3.1 /4.0 /4.1 /4.2
Per SAP Note https://launchpad.support.sap.com/#/notes/2498770
Tomcat and SAP Business Intelligence platform are not affected by this CVE.
As to your question for steps -- it's a vulnerability that is fixed by upgrade, so there are no steps.
You have to upgrade if you're using non-SAP supplied Tomcat.
How to upgrade tomcat can be found on http://tomcat.apache.org/
If you want to upgrade the Tomcat SAP provides as part of its product, the best way is to follow the regular SAP maintenance process; alternatively you can use https://launchpad.support.sap.com/#/notes/2232191 (with disclaimer).
Hi Karthik,
If you are using the Tomcat which is shipped with BI 4.1 (bundled), then that Tomcat version is not affected by this vulnerability.
You can refer to KBA below and search for the CVE number
https://launchpad.support.sap.com/#/notes/2498770
Regards,
Sharvari