XML External Entity Vulnerability in SAP HANA Extended Application Services
CVE-2019-0277

6.5MEDIUM

Key Information:

Vendor

SAP
Status
SAP Hana Extended Application Services
Vendor
CVE Published:
12 March 2019

What is CVE-2019-0277?

An XML External Entity vulnerability exists in SAP HANA Extended Application Services, where insufficient validation of XML documents can be exploited by authenticated developers with appropriate privileges. This flaw could potentially allow an attacker to access sensitive data, conduct further attacks, or exploit the application's environment, thereby compromising system security.

Affected Version(s)

SAP HANA Extended Application Services < 1

References

https://launchpad.support.sap.com/#/notes/2764283
x_refsource_MISC
https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageI...
x_refsource_MISC
http://www.securityfocus.com/bid/107356
vdb-entryx_refsource_BID

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.