Vulnerability Details : CVE-2020-6351
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated FBX file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Vulnerability category: Overflow
Exploit prediction scoring system (EPSS) score for CVE-2020-6351
Probability of exploitation activity in the next 30 days: 0.69%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 79 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2020-6351
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
|
4.3
|
MEDIUM | CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
SAP SE |
|
4.3
|
MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
2.8
|
1.4
|
NIST |
CWE ids for CVE-2020-6351
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-6351
-
https://launchpad.support.sap.com/#/notes/2960815
SAP ONE Support Launchpad: Log OnPermissions Required
-
https://www.zerodayinitiative.com/advisories/ZDI-20-1147/
ZDI-20-1147 | Zero Day InitiativeThird Party Advisory;VDB Entry
-
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=557449700
SAP Security Patch Day – September 2020 - Product Security Response at SAP - Community WikiVendor Advisory
Products affected by CVE-2020-6351
- cpe:2.3:a:sap:3d_visual_enterprise_viewer:9:*:*:*:*:*:*:*