CVE-2020-6304

HIGH

SAP NetWeaver Internet Communication Manager <7.53 - DoS

Title source: llm

Description

Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.

References (2)

Core 2

Core References

Vendor Advisory x_refsource_confirm

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771

Permissions Required x_refsource_misc

https://launchpad.support.sap.com/#/notes/2848498

Scores

CVSS v3 7.5

EPSS 0.0070

EPSS Percentile 72.2%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-20

Status published

Products (22)

sap/netweaver_internet_communication_manager_\(kernel\) 7.21

sap/netweaver_internet_communication_manager_\(kernel\) 7.22

sap/netweaver_internet_communication_manager_\(kernel\) 7.49

sap/netweaver_internet_communication_manager_\(kernel\) 7.53

sap/netweaver_internet_communication_manager_\(krnl32nuc\) 7.21

sap/netweaver_internet_communication_manager_\(krnl32nuc\) 7.21ext

sap/netweaver_internet_communication_manager_\(krnl32nuc\) 7.22

sap/netweaver_internet_communication_manager_\(krnl32nuc\) 7.22ext

sap/netweaver_internet_communication_manager_\(krnl32uc\) 7.21

sap/netweaver_internet_communication_manager_\(krnl32uc\) 7.21ext

... and 12 more

Published Jan 14, 2020

Tracked Since Feb 18, 2026