CVE-2014-8590 - XML External Entity Information Disclosure vulnerability in SAP NetWeaver AS Java
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: NONE
Availability impact: NONE
network
sap
Summary
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
CWE-611: Improper Restriction of XML External Entity Reference ('XXE') - http://cwe.mitre.org/data/definitions/611.html
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 1 |
References
- http://blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/
- http://www.securityfocus.com/bid/71023
- https://erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/
- https://erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
- https://exchange.xforce.ibmcloud.com/vulnerabilities/98581
- https://service.sap.com/sap/support/notes/2045176