Описание
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tcmonitoringwebservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
Ссылки
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
- ExploitThird Party AdvisoryVDB Entry
- ExploitMailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- ExploitThird Party AdvisoryVDB Entry
Уязвимые конфигурации
Конфигурация 1Версия от 7.10 (включая) до 7.50 (включая)
cpe:2.3:a:sap:netweaver_application_server_java:*:*:*:*:*:*:*:*
EPSS
Процентиль: 94%
0.13851
Средний
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-611
Связанные уязвимости
CVSS3: 9.1
github
больше 3 лет назад
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994.
EPSS
Процентиль: 94%
0.13851
Средний
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-611