Vulnerabilities > CVE-2014-8590 - Unspecified vulnerability in SAP Netweaver Java Application Server
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/
- http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/
- http://www.securityfocus.com/bid/71023
- http://www.securityfocus.com/bid/71023
- https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/
- https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/
- https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
- https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98581
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98581
- https://service.sap.com/sap/support/notes/2045176
- https://service.sap.com/sap/support/notes/2045176