Описание
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system�s Availability by causing system to crash.
Ссылки
- Permissions RequiredVendor Advisory
- Vendor Advisory
- Permissions RequiredVendor Advisory
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:sap:netweaver:7.20:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.30:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.31:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.40:*:*:*:*:*:*:*
cpe:2.3:a:sap:netweaver:7.50:*:*:*:*:*:*:*
EPSS
Процентиль: 49%
0.00257
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 6.5
github
больше 3 лет назад
Some part of SAP NetWeaver (EP Web Page Composer) does not sufficiently validate an XML document accepted from an untrusted source, which allows an adversary to exploit unprotected XML parking at endpoints, and a possibility to conduct SSRF attacks that could compromise system’s Availability by causing system to crash.
EPSS
Процентиль: 49%
0.00257
Низкий
6.5 Medium
CVSS3
4 Medium
CVSS2
Дефекты
CWE-918
CWE-918