Missing XML Validation Vulnerability in SAP Enable Now
CVE-2019-0340
5.4MEDIUM
What is CVE-2019-0340?
The XML parser utilized in SAP Enable Now prior to version 1902 is not properly hardened, creating a potential for a Missing XML Validation vulnerability. This flaw allows attackers to exploit the file upload functionalities located at various points within the system, potentially enabling unauthorized access to local files through XML External Entity (XXE) attacks. As a result, sensitive information may be exposed if adequate security measures are not implemented.
Affected Version(s)
SAP Enable Now < 1902