Vulnerabilities > CVE-2016-3974 - XML External Entity Injection vulnerability in SAP Netweaver 7.40
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
XML external entity (XXE) vulnerability in the Configuration Wizard in SAP NetWeaver Java AS 7.1 through 7.5 allows remote attackers to cause a denial of service, conduct SMB Relay attacks, or access arbitrary files via a crafted XML request to _tc~monitoring~webservice~web/ServerNodesWSService, aka SAP Security Note 2235994. <a href="http://cwe.mitre.org/data/definitions/611.html">CWE-611: Improper Restriction of XML External Entity Reference ('XXE')</a>
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XXE. CVE-2016-3974. Webapps exploit for java platform |
| file | exploits/java/webapps/39995.txt |
| id | EDB-ID:39995 |
| last seen | 2016-06-21 |
| modified | 2016-06-21 |
| platform | java |
| port | |
| published | 2016-06-21 |
| reporter | ERPScan |
| source | https://www.exploit-db.com/download/39995/ |
| title | SAP NetWeaver AS JAVA 7.1 - 7.5 - ctcprotocol Servlet XXE |
| type | webapps |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/137527/ERPSCAN-16-013.txt |
| id | PACKETSTORM:137527 |
| last seen | 2016-12-05 |
| published | 2016-06-17 |
| reporter | Vahagn Vardanyan |
| source | https://packetstormsecurity.com/files/137527/SAP-NetWeaver-AS-JAVA-7.5-XXE-Injection.html |
| title | SAP NetWeaver AS JAVA 7.5 XXE Injection |
References
- http://packetstormsecurity.com/files/137527/SAP-NetWeaver-AS-JAVA-7.5-XXE-Injection.html
- http://seclists.org/fulldisclosure/2016/Jun/41
- https://erpscan.io/advisories/erpscan-16-013-sap-netweaver-7-4-ctcprotocol-servlet-xxe/
- https://erpscan.io/press-center/blog/sap-security-notes-march-2016-review/
- https://www.exploit-db.com/exploits/39995/