CVE-2020-6177
4.3
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Summary
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP SE | SAP Mobile Platform | = 3.0 | affected |
Weaknesses
- Missing XML Validation
ADP Enrichment
CVE Program Container
Additional References
- https://launchpad.support.sap.com/#/notes/2880993
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
References
- https://launchpad.support.sap.com/#/notes/2880993
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.