CVE-2019-0271

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 12-03-2019 11:29

Last modified: - 18-04-2022 04:25

Total changes: - 3

Description

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Low

Attack complexity

Network

Attack vector

High

Availability

None

Confidentiality

None

Integrity

Low

Privileges required

Unchanged

Scope

None

User interaction

6.5

Base score

2.8

3.6

Exploitability score

Impact score

Verification logic

vendor=sap AND product=advanced_business_application_programming_server AND versionEndIncluding=7.52 AND versionStartIncluding=7.40

vendor=sap AND product=advanced_business_application_programming_server AND versionEndIncluding=7.31 AND versionStartIncluding=7.00

vendor=sap AND product=advanced_business_application_programming_platform AND version=-

vendor=sap AND product=sap_kernel AND version=7.22

vendor=sap AND product=sap_kernel AND version=7.21

vendor=sap AND product=sap_kernel AND version=7.49

vendor=sap AND product=sap_kernel AND version=7.45

vendor=sap AND product=sap_kernel AND version=7.53

Reference

Keywords

CVE-2019-0271

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2019-0271

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures