XML External Entity Vulnerability in SAP Business Process Automation by Redwood
CVE-2018-2401

5.4MEDIUM

Key Information:

Vendor
SAP
Status
SAP Business Process Automation (bpa) By Redwood
Vendor
CVE Published:
14 March 2018

Summary

The SAP Business Process Automation (BPA) by Redwood is vulnerable to an XML External Entity (XXE) attack due to insufficient validation of XML documents received from untrusted sources. This vulnerability may allow an attacker to interfere with the processing of XML data, potentially leading to the disclosure of sensitive information, denial of service, or other harmful actions.

Affected Version(s)

SAP Business Process Automation (BPA) By Redwood 9.00

References

https://launchpad.support.sap.com/#/notes/2596766
x_refsource_CONFIRM
https://blogs.sap.com/2018/03/13/sap-security-patch-day-m...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/103374
vdb-entryx_refsource_BID

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.