CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21452 – SAP 3D Visual Enterprise Viewer GIF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21452
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated GIF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo GIF manipulado recibido de fuentes no confiables, lo cual resulta en un bloqueo de la aplicación y que no esté disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación de Entrada Inapropiada This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of GIF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3002617 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-21449 – SAP 3D Visual Enterprise Viewer IFF File Parsing Memory Corruption Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2021-21449
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated IFF file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo IFF manipulado recibido de fuentes no confiables, lo cual resulta en un bloqueo de la aplicación y que no esté disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación de Entrada Inapropiada This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of IFF files. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/3002617 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=564760476 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26817 – SAP 3D Visual Enterprise Viewer HPGL File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-26817
SAP 3D Visual Enterprise Viewer, version - 9, allows an user to open manipulated HPGL file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo HPGL manipulado recibido desde fuentes no confiables, lo que resulta que la aplicación se bloquee y no esté disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación Inapropiada de la Entrada This vulnerability allows remote attackers to execute arbitrary code on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HPGL files. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. • https://launchpad.support.sap.com/#/notes/2985094 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=562725571 https://www.zerodayinitiative.com/advisories/ZDI-20-1364 • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 5.7EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6315 – SAP 3D Visual Enterprise Viewer SVG File XML External Entity Processing Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2020-6315
SAP 3D Visual Enterprise Viewer, version 9, allows an attacker to send certain manipulated file to the victim, which can lead to leakage of sensitive information when the victim loads the malicious file into the VE viewer, leading to Information Disclosure. SAP 3D Visual Enterprise Viewer, versión 9, permite que un atacante envíe determinado archivo manipulado a la víctima, lo que puede conllevar a un filtrado de información confidencial cuando la víctima carga el archivo malicioso en el visualizador VE, lo que conlleva a una divulgación de información This vulnerability allows remote attackers to disclose sensitive information on affected installations of SAP 3D Visual Enterprise Viewer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the processing of SVG files. Due to the improper restriction of XML External Entity (XXE) references, a crafted document specifying a URI causes the XML parser to access the URI and embed the contents back into the XML document for further processing. An attacker can leverage this vulnerability to disclose information in the context of the current process. • https://launchpad.support.sap.com/#/notes/2973497 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2020-6376
https://notcve.org/view.php?id=CVE-2020-6376
SAP 3D Visual Enterprise Viewer, version - 9, allows a user to open manipulated Right Hemisphere Binary (.rh) file received from untrusted sources which results in crashing of the application and becoming temporarily unavailable until the user restarts the application, this is caused due to Improper Input Validation. SAP 3D Visual Enterprise Viewer, versión - 9, permite a un usuario abrir un archivo Right Hemisphere Binary (.rh) manipulado recibido de fuentes no confiables que resulta en el bloqueo de la aplicación y que deje de estar disponible temporalmente hasta que el usuario reinicie la aplicación, esto es causado debido a una Comprobación Inapropiada de Entrada • https://launchpad.support.sap.com/#/notes/2973497 https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=558632196 • CWE-20: Improper Input Validation •