What is the severity of CVE-2020-6304?

CVE-2020-6304 is classified with a high severity level due to improper input validation in SAP NetWeaver.

How do I fix CVE-2020-6304?

To fix CVE-2020-6304, apply the latest security patches provided by SAP for affected NetWeaver versions.

What software versions are affected by CVE-2020-6304?

CVE-2020-6304 affects SAP NetWeaver Internet Communication Manager versions 7.21, 7.22, 7.49, and 7.53.

What type of vulnerability is CVE-2020-6304?

CVE-2020-6304 is an input validation vulnerability that allows attackers to prevent user access to services.

What can an attacker do with CVE-2020-6304?

An attacker exploiting CVE-2020-6304 can disrupt user access to SAP NetWeaver services through malicious input.

Vulnerability/
CVE-2020-6304

high

7.5

CWE

14/1/2020

4/8/2024

CVE-2020-6304: Input Validation

First published: Tue Jan 14 2020(Updated: )

Improper input validation in SAP NetWeaver Internet Communication Manager (update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 KERNEL 7.21, 7.49, 7.53) allows an attacker to prevent users from accessing its services through a denial of service.

Credit: cna@sap.com

Affected Software	Affected Version	How to fix
Sap Netweaver Internet Communication Manager \(kernel\)	=7.21
Sap Netweaver Internet Communication Manager \(kernel\)	=7.22
Sap Netweaver Internet Communication Manager \(kernel\)	=7.49
Sap Netweaver Internet Communication Manager \(kernel\)	=7.53
Sap Netweaver Internet Communication Manager \(krnl32nuc\)	=7.21
Sap Netweaver Internet Communication Manager \(krnl32nuc\)	=7.21ext
Sap Netweaver Internet Communication Manager \(krnl32nuc\)	=7.22
Sap Netweaver Internet Communication Manager \(krnl32nuc\)	=7.22ext
Sap Netweaver Internet Communication Manager \(krnl32uc\)	=7.21
Sap Netweaver Internet Communication Manager \(krnl32uc\)	=7.21ext
Sap Netweaver Internet Communication Manager \(krnl32uc\)	=7.22
Sap Netweaver Internet Communication Manager \(krnl32uc\)	=7.22ext
Sap Netweaver Internet Communication Manager \(krnl64nuc\)	=7.21
Sap Netweaver Internet Communication Manager \(krnl64nuc\)	=7.21ext
Sap Netweaver Internet Communication Manager \(krnl64nuc\)	=7.22
Sap Netweaver Internet Communication Manager \(krnl64nuc\)	=7.22ext
Sap Netweaver Internet Communication Manager \(krnl64nuc\)	=7.49
Sap Netweaver Internet Communication Manager \(krnl64uc\)	=7.21
Sap Netweaver Internet Communication Manager \(krnl64uc\)	=7.21ext
Sap Netweaver Internet Communication Manager \(krnl64uc\)	=7.22
Sap Netweaver Internet Communication Manager \(krnl64uc\)	=7.22ext
Sap Netweaver Internet Communication Manager \(krnl64uc\)	=7.49

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2020-6304?
CVE-2020-6304 is classified with a high severity level due to improper input validation in SAP NetWeaver.
How do I fix CVE-2020-6304?
To fix CVE-2020-6304, apply the latest security patches provided by SAP for affected NetWeaver versions.
What software versions are affected by CVE-2020-6304?
CVE-2020-6304 affects SAP NetWeaver Internet Communication Manager versions 7.21, 7.22, 7.49, and 7.53.
What type of vulnerability is CVE-2020-6304?
CVE-2020-6304 is an input validation vulnerability that allows attackers to prevent user access to services.
What can an attacker do with CVE-2020-6304?
An attacker exploiting CVE-2020-6304 can disrupt user access to SAP NetWeaver services through malicious input.

collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/weakness
agent/author
agent/last-modified-date
agent/tags
agent/severity
agent/event
agent/description
agent/first-publish-date
agent/source
vendor/sap
canonical/sap netweaver internet communication manager \(kernel\)
version/sap netweaver internet communication manager \(kernel\)/7.21
version/sap netweaver internet communication manager \(kernel\)/7.22
version/sap netweaver internet communication manager \(kernel\)/7.49
version/sap netweaver internet communication manager \(kernel\)/7.53
canonical/sap netweaver internet communication manager \(krnl32nuc\)
version/sap netweaver internet communication manager \(krnl32nuc\)/7.21
version/sap netweaver internet communication manager \(krnl32nuc\)/7.21ext
version/sap netweaver internet communication manager \(krnl32nuc\)/7.22
version/sap netweaver internet communication manager \(krnl32nuc\)/7.22ext
canonical/sap netweaver internet communication manager \(krnl32uc\)
version/sap netweaver internet communication manager \(krnl32uc\)/7.21
version/sap netweaver internet communication manager \(krnl32uc\)/7.21ext
version/sap netweaver internet communication manager \(krnl32uc\)/7.22
version/sap netweaver internet communication manager \(krnl32uc\)/7.22ext
canonical/sap netweaver internet communication manager \(krnl64nuc\)
version/sap netweaver internet communication manager \(krnl64nuc\)/7.21
version/sap netweaver internet communication manager \(krnl64nuc\)/7.21ext
version/sap netweaver internet communication manager \(krnl64nuc\)/7.22
version/sap netweaver internet communication manager \(krnl64nuc\)/7.22ext
version/sap netweaver internet communication manager \(krnl64nuc\)/7.49
canonical/sap netweaver internet communication manager \(krnl64uc\)
version/sap netweaver internet communication manager \(krnl64uc\)/7.21
version/sap netweaver internet communication manager \(krnl64uc\)/7.21ext
version/sap netweaver internet communication manager \(krnl64uc\)/7.22
version/sap netweaver internet communication manager \(krnl64uc\)/7.22ext
version/sap netweaver internet communication manager \(krnl64uc\)/7.49