Sap · Sap Sybase Adaptive Server Enterprise · CVE-2013-6025
**Name of the Vulnerable Software and Affected Versions**
SAP Sybase Adaptive Server Enterprise (ASE) version 15.7 ESD 2
**Description**
The issue allows remote authenticated users to read arbitrary files via a SQL statement containing an XML document with an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.
**Recommendations**
For SAP Sybase Adaptive Server Enterprise (ASE) version 15.7 ESD 2, consider restricting access to the XMLParse procedure to minimize the risk of exploitation. As a temporary workaround, consider disabling the XMLParse procedure until a patch is available.