PT-2020-1564 · SAP · SAP NetWeaver Internet Communication Manager

Published: 2020-01-14 · Updated: 2020-01-24 · CVE-2020-6304

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

SAP NetWeaver Internet Communication Manager versions prior to the update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT
SAP NetWeaver Internet Communication Manager versions prior to the update provided in KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49
SAP NetWeaver Internet Communication Manager versions prior to the update provided in KERNEL 7.21, 7.49, 7.53

Description

The issue is caused by improper input validation. A remote attacker can exploit it to cause a denial of service, preventing users from accessing services.

Recommendations

For SAP NetWeaver Internet Communication Manager versions prior to the update provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT, update to the version provided in KRNL32NUC & KRNL32UC 7.21, 7.21EXT, 7.22, 7.22EXT or later.
For SAP NetWeaver Internet Communication Manager versions prior to the update provided in KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49, update to the version provided in KRNL64NUC & KRNL64UC 7.21, 7.21EXT, 7.22, 7.22EXT, 7.49 or later.
For SAP NetWeaver Internet Communication Manager versions prior to the update provided in KERNEL 7.21, 7.49, 7.53, update to the version provided in KERNEL 7.21, 7.49, 7.53 or later.

Fix

RCE

Weakness Enumeration

Related Identifiers

BDU:2020-00565
CVE-2020-6304

Affected Products

SAP NetWeaver Internet Communication Manager