CVE-2020-6331

Description

SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.

CVSS breakdown

CVSS 3.0

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Affected products

SAP_SE / SAP 3D Visual Enterprise Viewer< 9 – < 9

References

MISChttps://launchpad.support.sap.com/#/notes/2960815
MISChttps://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
VENDOR_ADVISORYhttps://www.zerodayinitiative.com/advisories/ZDI-20-1142/