Vulnerabilities > CVE-2016-4014 - Unspecified vulnerability in SAP Netweaver 7.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
LOW Integrity impact
LOW Availability impact
HIGH Summary
XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Packetstorm
| data source | https://packetstormsecurity.com/files/download/137919/ERPSCAN-16-020.txt |
| id | PACKETSTORM:137919 |
| last seen | 2016-12-05 |
| published | 2016-07-14 |
| reporter | Vahagn Vardanyan |
| source | https://packetstormsecurity.com/files/137919/SAP-NetWeaver-AS-JAVA-7.4-XXE-Injection.html |
| title | SAP NetWeaver AS JAVA 7.4 XXE Injection |
References
- http://seclists.org/fulldisclosure/2016/Jul/45
- http://packetstormsecurity.com/files/137919/SAP-NetWeaver-AS-JAVA-7.4-XXE-Injection.html
- https://erpscan.io/press-center/blog/dos-vulnerabilities-on-the-rise-sap-security-notes-april-2016/
- https://erpscan.io/advisories/erpscan-16-020-sap-netweaver-java-uddi-component-xxe-vulnerability/