XML External Entity Vulnerability in SAP CRM Gwsync
CVE-2014-1962

Currently unrated

Key Information:

Vendor: SAP
Status: Customer Relationship Management
Vendor: CVE Published:; 14 February 2014

Summary

The Gwsync component of SAP CRM version 7.02 EHP 2 is susceptible to an XML External Entity (XXE) vulnerability, which enables remote attackers to exploit unspecified vectors to gain unauthorized access to sensitive information. This security issue results from the improper handling of XML input, potentially allowing attackers to manipulate server responses or access confidential data stored on the server.

References

https://erpscan.io/advisories/erpscan-14-003-sap-crm-gwsy...

x_refsource_MISC

https://service.sap.com/sap/support/notes/1917054

x_refsource_CONFIRM

https://exchange.xforce.ibmcloud.com/vulnerabilities/91098

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Feb 14, 2014
Vulnerability Reserved
Feb 14, 2014