admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-10-15 02:01:32 +00:00
parent 2a8c4b6b01
commit 0cb11c6bc2
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
13 changed files with 858 additions and 36 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
2020/27xxx/CVE-2020-27151.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-27151",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}

75
2020/6xxx/CVE-2020-6272.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6272",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Commerce Cloud",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1808"
},
{
"version_name": "<",
"version_value": "1811"
},
{
"version_name": "<",
"version_value": "1905"
},
{
"version_name": "<",
"version_value": "2005"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Commerce Cloud versions - 1808, 1811, 1905, 2005, does not sufficiently encode user inputs, which allows an authenticated and authorized content manager to inject malicious script into several web CMS components. These can be saved and later triggered, if an affected web page is visited, resulting in Cross-Site Scripting (XSS) vulnerability."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2917381",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2917381"
}
]
}

87
2020/6xxx/CVE-2020-6319.json
View File

@ -4,14 +4,95 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6319",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server Java",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.10"
},
{
"version_name": "<",
"version_value": "7.11"
},
{
"version_name": "<",
"version_value": "7.20"
},
{
"version_name": "<",
"version_value": "7.30"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
},
{
"version_name": "<",
"version_value": "7.50"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver Application Server Java, versions - 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50 allows an unauthenticated attacker to include JavaScript blocks in any web page or URL with different symbols which are otherwise not allowed. On successful exploitation an attacker can steal authentication information of the user, such as data relating to his or her current session and limitedly impact confidentiality and integrity of the application, leading to Reflected Cross Site Scripting."
}
]
},
"impact": {
"cvss": {
"baseScore": "6.1",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2956398",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2956398"
}
]
}

71
2020/6xxx/CVE-2020-6323.json
View File

@ -4,14 +4,79 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6323",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Enterprise Portal (Fiori Framework Page)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "7.50"
},
{
"version_name": "<",
"version_value": "7.31"
},
{
"version_name": "<",
"version_value": "7.40"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP NetWeaver Enterprise Portal (Fiori Framework Page) versions - 7.50, 7.31, 7.40, does not sufficiently encode user-controlled inputs and allows an attacker on a valid session to create an XSS that will be both reflected immediately and also be persisted and returned in further access to the system, resulting in Cross Site Scripting."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.4",
"vectorString": "",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://launchpad.support.sap.com/#/notes/2960329",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2960329"
},
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
}
]
}

75
2020/6xxx/CVE-2020-6363.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6363",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Commerce Cloud",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "1808"
},
{
"version_name": "<",
"version_value": "1811"
},
{
"version_name": "<",
"version_value": "1905"
},
{
"version_name": "<",
"version_value": "2005"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Commerce Cloud, versions - 1808, 1811, 1905, 2005, exposes several web applications that maintain sessions with a user. These sessions are established after the user has authenticated with username/passphrase credentials. The user can change their own passphrase, but this does not invalidate active sessions that the user may have with SAP Commerce Cloud web applications, which gives an attacker the opportunity to reuse old session credentials, resulting in Insufficient Session Expiration."
}
]
},
"impact": {
"cvss": {
"baseScore": "3.7",
"vectorString": "",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Insufficient Session Expiration"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2965287",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2965287"
}
]
}

75
2020/6xxx/CVE-2020-6364.json
View File

@ -4,14 +4,83 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6364",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Solution Manager (CA Introscope Enterprise Manager) and SAP Focused Run (CA Introscope Enterprise Manager)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "WILY_INTRO_ENTERPRISE 9.7"
},
{
"version_name": "<",
"version_value": "10.1"
},
{
"version_name": "<",
"version_value": "10.5"
},
{
"version_name": "<",
"version_value": "10.7"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Solution Manager and SAP Focused Run (update provided in WILY_INTRO_ENTERPRISE 9.7, 10.1, 10.5, 10.7), allows an attacker to modify a cookie in a way that OS commands can be executed and potentially gain control over the host running the CA Introscope Enterprise Manager,leading to Code Injection. With this, the attacker is able to read and modify all system files and also impact system availability."
}
]
},
"impact": {
"cvss": {
"baseScore": "10.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Code Injection"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2969828",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2969828"
}
]
}

95
2020/6xxx/CVE-2020-6368.json
View File

@ -4,14 +4,103 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6368",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP Business Planning and Consolidation",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "750"
},
{
"version_name": "<",
"version_value": "751"
},
{
"version_name": "<",
"version_value": "752"
},
{
"version_name": "<",
"version_value": "753"
},
{
"version_name": "<",
"version_value": "754"
},
{
"version_name": "<",
"version_value": "755"
},
{
"version_name": "<",
"version_value": "810"
},
{
"version_name": "<",
"version_value": "100"
},
{
"version_name": "<",
"version_value": "200"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP Business Planning and Consolidation, versions - 750, 751, 752, 753, 754, 755, 810, 100, 200, can be abused by an attacker, allowing them to modify displayed application content without authorization, and to potentially obtain authentication information from other legitimate users, leading to Cross Site Scripting."
}
]
},
"impact": {
"cvss": {
"baseScore": "5.4",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2960825",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2960825"
}
]
}

83
2020/6xxx/CVE-2020-6371.json
View File

@ -4,14 +4,91 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6371",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP NetWeaver Application Server ABAP (POWL test application)",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "710"
},
{
"version_name": "<",
"version_value": "711"
},
{
"version_name": "<",
"version_value": "730"
},
{
"version_name": "<",
"version_value": "731"
},
{
"version_name": "<",
"version_value": "740"
},
{
"version_name": "<",
"version_value": "750"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "User enumeration vulnerability can be exploited to get a list of user accounts and personal user information can be exposed in SAP NetWeaver Application Server ABAP (POWL test application) versions - 710, 711, 730, 731, 740, 750, leading to Information Disclosure."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Information Disclosure"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2963137",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2963137"
}
]
}

63
2020/6xxx/CVE-2020-6372.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6372",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2973497",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2973497"
}
]
}

63
2020/6xxx/CVE-2020-6373.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6373",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated PDF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2973497",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2973497"
}
]
}

63
2020/6xxx/CVE-2020-6374.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6374",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Jupiter Tessallation(.jt) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2973497",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2973497"
}
]
}

63
2020/6xxx/CVE-2020-6375.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6375",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Computer Graphics Metafile (.cgm) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2973497",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2973497"
}
]
}

63
2020/6xxx/CVE-2020-6376.json
View File

@ -4,14 +4,71 @@
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-6376",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ASSIGNER": "cna@sap.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"vendor_name": "SAP SE",
"product": {
"product_data": [
{
"product_name": "SAP 3D Visual Enterprise Viewer",
"version": {
"version_data": [
{
"version_name": "<",
"version_value": "9"
}
]
}
}
]
}
}
]
}
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation."
}
]
},
"impact": {
"cvss": {
"baseScore": "4.3",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196",
"refsource": "MISC",
"name": "https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196"
},
{
"url": "https://launchpad.support.sap.com/#/notes/2973497",
"refsource": "MISC",
"name": "https://launchpad.support.sap.com/#/notes/2973497"
}
]
}