CVE-2020-6177

CWE-20Improper Input Validation3 documents3 sources
Severity
4.3MEDIUM
EPSS
0.3%
top 47.39%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Mobile PlatformSAP Mobile Platform
Timeline
PublishedFeb 12
Latest updateMay 24

Description

SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:LExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

🔴Vulnerability Details

2
GHSA
GHSA-pjf7-66cm-jgpj: SAP Mobile Platform, version 32022-05-24
CVEList
CVE-2020-6177: SAP Mobile Platform, version 32020-02-12
CVE-2020-6177 (MEDIUM CVSS 4.3) | SAP Mobile Platform | cvebase.io