6.5
CVE-2019-0271
- EPSS 0.62%
- Published 12.03.2019 22:29:00
- Last modified 21.11.2024 04:16:36
- Source cna@sap.com
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.
Data is provided by the National Vulnerability Database (NVD)
SAP ≫ Advanced Business Application Programming Server Version >= 7.00 <= 7.31
SAP ≫ Advanced Business Application Programming Server Version >= 7.40 <= 7.52
SAP ≫ Sap Kernel Version 7.21
SAP ≫ Sap Kernel Version 7.22
SAP ≫ Sap Kernel Version 7.45
SAP ≫ Sap Kernel Version 7.49
SAP ≫ Sap Kernel Version 7.53
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.62% | 0.689 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 6.5 | 2.8 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
nvd@nist.gov | 4 | 8 | 2.9 | AV:N/AC:L/Au:S/C:N/I:N/A:P |
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.