CVE-2020-6347: SAP 3D Visual Enterprise Viewer HDR File Parsing Memory Corruption Remote Code Execution Vulnerability
First published: Wed Sep 09 2020(Updated: )
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated HDR file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation.
Credit: cna@sap.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| SAP 3D Visual Enterprise Viewer | =9 | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-6347?
CVE-2020-6347 is classified as a medium severity vulnerability.
How do I fix CVE-2020-6347?
To fix CVE-2020-6347, update SAP 3D Visual Enterprise Viewer to the latest version provided by SAP.
What is the impact of CVE-2020-6347?
CVE-2020-6347 may cause the application to crash, resulting in temporary unavailability until a restart.
Which versions are affected by CVE-2020-6347?
CVE-2020-6347 specifically affects SAP 3D Visual Enterprise Viewer version 9.
How can I prevent CVE-2020-6347 from being exploited?
Prevent CVE-2020-6347 by not opening HDR files from untrusted sources.
- collector/nvd-index
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/weakness
- agent/author
- agent/title
- agent/last-modified-date
- agent/softwarecombine
- agent/severity
- agent/description
- agent/first-publish-date
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-20-1164
- alias/ZDI-CAN-11285
- alias/CVE-2020-6347
- agent/software-canonical-lookup
- agent/event
- agent/trending
- agent/tags
- agent/source
- vendor/sap
- canonical/sap 3d visual enterprise viewer
- version/sap 3d visual enterprise viewer/9