CVE-2020-6187: XEE
First published: Wed Feb 12 2020(Updated: )
SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP NetWeaver Guided Procedures | =7.10 | |
| SAP NetWeaver Guided Procedures | =7.11 | |
| SAP NetWeaver Guided Procedures | =7.20 | |
| SAP NetWeaver Guided Procedures | =7.30 | |
| SAP NetWeaver Guided Procedures | =7.31 | |
| SAP NetWeaver Guided Procedures | =7.40 | |
| SAP NetWeaver Guided Procedures | =7.50 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2020-6187.
What is the severity of CVE-2020-6187?
The severity of CVE-2020-6187 is medium with a CVSS score of 4.9.
Which versions of SAP NetWeaver (Guided Procedures) are affected?
The affected versions of SAP NetWeaver (Guided Procedures) are 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, and 7.50.
What is the impact of CVE-2020-6187?
CVE-2020-6187 can result in a Denial of Service (DoS) attack.
Where can I find more information about CVE-2020-6187?
You can find more information about CVE-2020-6187 on SAP's support page and the SAP Community Network Wiki.
- collector/nvd-index
- vendor/sap
- canonical/sap netweaver guided procedures
- version/sap netweaver guided procedures/7.10
- version/sap netweaver guided procedures/7.11
- version/sap netweaver guided procedures/7.20
- version/sap netweaver guided procedures/7.30
- version/sap netweaver guided procedures/7.31
- version/sap netweaver guided procedures/7.40
- version/sap netweaver guided procedures/7.50