← back
CVE-2020-6177

CVE-2020-6177

CVSS 4.3 MEDIUMEPSS 0.8%
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 4.3EPSS 0.8%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
12 Feb 2020Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Affected products
SAP SE · SAP Mobile Platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://launchpad.support.sap.com/#/notes/2880993https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812