CVE-2016-4014

Name of the Vulnerable Software and Affected Versions SAP NetWeaver JAVA AS 7.4

Description The issue is related to an XML external entity (XXE) vulnerability in the UDDI component, which is caused by incorrect restriction of XML links to external objects. This can be exploited by a remote attacker to cause a denial of service (system hang) by sending a crafted XML request. The API endpoint /uddi/api/replication is specifically vulnerable to this type of attack.

Recommendations For SAP NetWeaver JAVA AS 7.4, consider disabling the UDDI component until a patch is available to prevent exploitation of the XXE vulnerability. Restrict access to the /uddi/api/replication API endpoint to minimize the risk of a denial of service attack.