PT-2013-5930 · Sap · Sap Sybase Adaptive Server Enterprise

Igor Bulatenko · Published 2013-10-19 · Updated 2017-09-13 · CVE-2013-6025

CVSS v2.0: 4.0 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: SAP Sybase Adaptive Server Enterprise (ASE) version 15.7 ESD 2

Description: The issue allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Recommendations: For SAP Sybase Adaptive Server Enterprise (ASE) version 15.7 ESD 2, consider restricting access to the XMLParse procedure to minimize the risk of exploitation. As a temporary workaround, consider disabling the XMLParse procedure until a patch is available.

Exploit

Fix

Code Injection

Weakness Enumeration

Related Identifiers

CVE-2013-6025

Affected Products

Sap Sybase Adaptive Server Enterprise