CVE-2019-0271

medium

Description

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.

References

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080

https://launchpad.support.sap.com/#/notes/2870067

https://launchpad.support.sap.com/#/notes/2736825

http://www.securityfocus.com/bid/107355

Details

Source: Mitre, NVD

Published: 2019-03-12

Updated: 2022-04-18

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Severity: Medium