PT-2019-11218 · SAP · SAP HANA
Published: 2019-04-10 · Updated: 2019-04-11
CVE-2019-0284
CVSS v3.1: 6.0 (Medium)
Vector: AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
SAP HANA versions prior to 1.0
SAP HANA versions prior to 2.0
Description:
The issue concerns insufficient validation of an XML document accepted from an untrusted source in SLD Registration. An attacker can exploit this by calling SLDREG with a malicious XML file containing a reference to an XML External Entity (XXE). This can lead to SLDREG continuously looping, reading arbitrary files, or even sending local files.
Recommendations:
For versions prior to 1.0, update to version 1.0 to resolve the issue.
For versions prior to 2.0, update to version 2.0 to resolve the issue.
Fix
XXE
Affected Products
SAP HANA