CVE-2020-6177: Input Validation
First published: Wed Feb 12 2020(Updated: )
SAP Mobile Platform, version 3.0, does not sufficiently validate an XML document accepted from an untrusted source which could lead to partial denial of service. Since SAP Mobile Platform does not allow External-Entity resolving, there is no issue of leaking content of files on the server.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP Mobile Platform | =3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6177?
The severity of CVE-2020-6177 is medium with a severity value of 4.3.
What is the impact of CVE-2020-6177?
CVE-2020-6177 could lead to partial denial of service.
How does CVE-2020-6177 occur?
CVE-2020-6177 occurs due to insufficient validation of an XML document accepted from an untrusted source.
Is there a risk of leaking content of files on the server?
No, there is no risk of leaking content of files on the server as SAP Mobile Platform does not allow External-Entity resolving.
How can CVE-2020-6177 be fixed?
To fix CVE-2020-6177, it is recommended to update to a version of SAP Mobile Platform that addresses the vulnerability.
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/weakness
- agent/type
- agent/description
- agent/first-publish-date
- agent/last-modified-date
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/sap
- canonical/sap mobile platform
- version/sap mobile platform/3.0