CVE-2020-6177
MEDIUMSAP Mobile Platform 3.0 - Denial of Service via XML Input Validation
Title source: llmDescription
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.
References (2)
Core 2
Core References
Permissions Required, Vendor Advisory x_refsource_misc
https://launchpad.support.sap.com/#/notes/2880993
Vendor Advisory x_refsource_misc
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
Scores
CVSS v3
4.3
EPSS
0.0028
EPSS Percentile
51.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-20
Status
published
Products (1)
sap/mobile_platform
3.0
Published
Feb 12, 2020
Tracked Since
Feb 18, 2026