CVE-2020-6330

Name of the Vulnerable Software and Affected Versions SAP 3D Visual Enterprise Viewer version 9

Description The issue is caused by improper input validation, allowing a user to open a manipulated 3DM file from untrusted sources. This results in the application crashing and becoming temporarily unavailable until the user restarts it. The vulnerability is related to the 3DM file parsing rhino plugin and can lead to an out-of-bounds read and potential remote code execution.

Recommendations For SAP 3D Visual Enterprise Viewer version 9, consider disabling the 3DM file parsing rhino plugin as a temporary workaround until a patch is available. Restrict access to opening files from untrusted sources to minimize the risk of exploitation.