Vulnerabilities > CVE-2017-16349 - XXE vulnerability in SAP Business Planning and Consolidation
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
HIGH Integrity impact
NONE Availability impact
HIGH Summary
An exploitable XML external entity vulnerability exists in the reporting functionality of SAP BPC. A specially crafted XML request can cause an XML external entity to be referenced, resulting in information disclosure and potential denial of service. An attacker can issue authenticated HTTP requests to trigger this vulnerability.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Common Weakness Enumeration (CWE)
Talos
id TALOS-2018-0551 last seen 2020-01-24 published 2018-04-19 reporter Talos Intelligence source http://www.talosintelligence.com/vulnerability_reports/TALOS-2018-0551 title SAP BPC Web Application Information Disclosure Vulnerability id SAP last seen 2019-05-29 published 2018-04-19 reporter Talos Intelligence source http://www.talosintelligence.com/vulnerability_reports/SAP title SAP BPC Web Application Information Disclosure Vulnerability