← Back

CVE-2020-6304

nvd nist
Published: Jan 14, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.5
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 / Impact: 3.6
Source: NVD

Description

Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.

Affected (22)

Sap
5 products
Netweaver Internet Communication Manager (kernel)
Netweaver Internet Communication Manager (krnl32nuc)
Netweaver Internet Communication Manager (krnl32uc)
Netweaver Internet Communication Manager (krnl64nuc)
Netweaver Internet Communication Manager (krnl64uc)
Configuration A
22 vulnerable
Vulnerable SoftwareAffected Versions
Sap
Netweaver Internet Communication Manager (kernel)
Version 7.21
Netweaver Internet Communication Manager (kernel)
Version 7.22
Netweaver Internet Communication Manager (kernel)
Version 7.49
Netweaver Internet Communication Manager (kernel)
Version 7.53
Sap
Netweaver Internet Communication Manager (krnl32nuc)
Version 7.21
Netweaver Internet Communication Manager (krnl32nuc)
Version 7.21ext
Netweaver Internet Communication Manager (krnl32nuc)
Version 7.22
Netweaver Internet Communication Manager (krnl32nuc)
Version 7.22ext
Sap
Netweaver Internet Communication Manager (krnl32uc)
Version 7.21
Netweaver Internet Communication Manager (krnl32uc)
Version 7.21ext
Netweaver Internet Communication Manager (krnl32uc)
Version 7.22
Netweaver Internet Communication Manager (krnl32uc)
Version 7.22ext
Sap
Netweaver Internet Communication Manager (krnl64nuc)
Version 7.21
Netweaver Internet Communication Manager (krnl64nuc)
Version 7.21ext
Netweaver Internet Communication Manager (krnl64nuc)
Version 7.22
Netweaver Internet Communication Manager (krnl64nuc)
Version 7.22ext
Netweaver Internet Communication Manager (krnl64nuc)
Version 7.49
Sap
Netweaver Internet Communication Manager (krnl64uc)
Version 7.21
Netweaver Internet Communication Manager (krnl64uc)
Version 7.21ext
Netweaver Internet Communication Manager (krnl64uc)
Version 7.22
Netweaver Internet Communication Manager (krnl64uc)
Version 7.22ext
Netweaver Internet Communication Manager (krnl64uc)
Version 7.49

Related CWEs

CWE-20
Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (4)

Source: cna@sap.com
Permissions Required
Source: cna@sap.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Permissions Required
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.