PT-2014-4385 · Sap · Sap Crm
Published
2014-02-14
·
Updated
2018-12-10
·
CVE-2014-1962
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
SAP CRM version 7.02 EHP 2
Description
The issue allows remote attackers to obtain sensitive information via unspecified vectors, related to an XML External Entity (XXE) issue. This means that attackers can potentially access confidential data by exploiting the XXE vulnerability in the Gwsync component.
Recommendations
For SAP CRM version 7.02 EHP 2, apply the necessary patch or fix to resolve the XML External Entity (XXE) issue in the Gwsync component.
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Crm