CVE-2020-6304

5.9MEDIUM

Key Information:

Vendor: SAP
Status: SAP Netweaver Internet Communication Manager (krnl32nuc); SAP Netweaver Internet Communication Manager (krnl32uc); SAP Netweaver Internet Communication Manager (krnl64nuc); SAP Netweaver Internet Communication Manager (krnl64uc)
Vendor: CVE Published:; 14 January 2020

Summary

Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.

Affected Version(s)

SAP NetWeaver Internet Communication Manager (KERNEL) < 7.21 < 7.21

SAP NetWeaver Internet Communication Manager (KERNEL) < 7.22 < 7.22

SAP NetWeaver Internet Communication Manager (KERNEL) < 7.49 < 7.49

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2848498

x_refsource_MISC

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Jan 14, 2020
Vulnerability Reserved
Jan 8, 2020