CVE-2020-6373 - SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received fr

CVE-2020-6373

Summary

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
https://launchpad.support.sap.com/#/notes/2973497
https://www.zerodayinitiative.com/advisories/ZDI-20-1263/

Vulnerable Configurations

cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*
cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*

CVSS

Base:	6.8 (as of 21-07-2021 - 11:39)
Impact:
Exploitability:

CWE

CWE-787

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:M/Au:N/C:P/I:P/A:P

refmap via4

misc

https://launchpad.support.sap.com/#/notes/2973497
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196
https://www.zerodayinitiative.com/advisories/ZDI-20-1263/

Last major update

21-07-2021 - 11:39

Published

15-10-2020 - 02:15

Last modified

21-07-2021 - 11:39