CVE-2020-6334: SAP 3D Visual Enterprise Viewer SKP File Parsing Use-After-Free Remote Code Execution Vulnerability
First published: Wed Sep 09 2020(Updated: )
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated SKP file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP 3D Visual Enterprise Viewer | =9 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6334?
CVE-2020-6334 has a severity rating of medium due to the potential impact of application crashes.
How do I fix CVE-2020-6334?
To mitigate CVE-2020-6334, avoid opening SKP files from untrusted sources and ensure you are running the latest version of SAP 3D Visual Enterprise Viewer.
What does CVE-2020-6334 affect?
CVE-2020-6334 specifically affects SAP 3D Visual Enterprise Viewer version 9.
What type of vulnerability is CVE-2020-6334?
CVE-2020-6334 is classified as an improper input validation vulnerability.
Can CVE-2020-6334 lead to application downtime?
Yes, CVE-2020-6334 can cause the application to crash, leading to temporary downtime until restarted.
- collector/nvd-index
- agent/weakness
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/author
- agent/title
- agent/last-modified-date
- agent/softwarecombine
- agent/severity
- agent/description
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-1145
- alias/ZDI-CAN-11161
- alias/CVE-2020-6334
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/sap
- canonical/sap 3d visual enterprise viewer
- version/sap 3d visual enterprise viewer/9