
Roman Bezhan

Researcher at ERPScan
#18707 of 53,633
14.3 total CVSS
Vulnerabilities · 2
Medium: 1
High: 1
PT-2016-4556
7.5
2016-12-19
Sap · Sap Solman · CVE-2016-10005
**Name of the Vulnerable Software and Affected Versions**
SAP Solman versions 7.1 through 7.31

**Description**
The issue allows remote attackers to obtain sensitive information. This is achieved via `webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd` requests.

**Recommendations**
For SAP Solman versions 7.1 through 7.31, consider restricting access to the `webdynpro/dispatcher/sap.com/caf~eu~gp~example~timeoff~wd` endpoint until a fix is available.

PT-2015-2047
6.8
2015-05-13
Sap · Sap Netweaver · CVE-2015-6662
**Name of the Vulnerable Software and Affected Versions**
SAP NetWeaver version 7.4

**Description**
The issue exists due to a lack of access restrictions on external objects referenced by links within a processed XML file. A remote attacker can exploit this to cause a denial of service or trigger access to an external resource using a specially crafted XML file. The vulnerability also allows remote attackers to read arbitrary files and possibly have other unspecified impact via crafted XML data.

**Recommendations**
For SAP NetWeaver version 7.4, apply the fix as described in SAP Security Note 2168485 to resolve the issue. As a temporary workaround, consider restricting access to external entities in XML files to minimize the risk of exploitation.