ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
References
Link | Resource |
---|---|
http://www.securityfocus.com/bid/107355 | Broken Link |
https://launchpad.support.sap.com/#/notes/2736825 | Permissions Required Vendor Advisory |
https://launchpad.support.sap.com/#/notes/2870067 | Permissions Required Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080 | Vendor Advisory |
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: sap
Published: 2019-03-12T22:00:00
Updated: 2020-02-19T19:38:45
Reserved: 2018-11-26T00:00:00
Link: CVE-2019-0271
JSON object: View
NVD Information
Status : Analyzed
Published: 2019-03-12T22:29:00.487
Modified: 2022-04-18T14:25:28.007
Link: CVE-2019-0271
JSON object: View
Redhat Information
No data.
CWE