Vulnerabilities > CVE-2017-11457 - XXE vulnerability in SAP Netweaver Application Server Java 7.50
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
XML external entity (XXE) vulnerability in com.sap.km.cm.ice in SAP NetWeaver AS JAVA 7.5 allows remote authenticated users to read arbitrary files or conduct server-side request forgery (SSRF) attacks via a crafted DTD in an XML request, aka SAP Security Note 2387249.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |