Vulnerability Description
Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Sap | Netweaver Internet Communication Manager \(Kernel\) | 7.21 |
| Sap | Netweaver Internet Communication Manager \(Krnl32Nuc\) | 7.21 |
| Sap | Netweaver Internet Communication Manager \(Krnl32Uc\) | 7.21 |
| Sap | Netweaver Internet Communication Manager \(Krnl64Nuc\) | 7.21 |
| Sap | Netweaver Internet Communication Manager \(Krnl64Uc\) | 7.21 |
Related Weaknesses (CWE)
References
- https://launchpad.support.sap.com/#/notes/2848498Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771Vendor Advisory
- https://launchpad.support.sap.com/#/notes/2848498Permissions Required
- https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=533671771Vendor Advisory
FAQ
What is CVE-2020-6304?
CVE-2020-6304 is a vulnerability with a CVSS score of 7.5 (HIGH). Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 ...
How severe is CVE-2020-6304?
CVE-2020-6304 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6304?
Check the references section above for vendor advisories and patch information. Affected products include: Sap Netweaver Internet Communication Manager \(Kernel\), Sap Netweaver Internet Communication Manager \(Krnl32Nuc\), Sap Netweaver Internet Communication Manager \(Krnl32Uc\), Sap Netweaver Internet Communication Manager \(Krnl64Nuc\), Sap Netweaver Internet Communication Manager \(Krnl64Uc\).