PT-2019-2025 · Sap · Sap Netweaver
Published
2019-02-12
·
Updated
2019-03-13
·
CVE-2019-0265
CVSS v2.0
7.7
High
| Vector | AV:N/AC:L/Au:M/C:C/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
SAP NetWeaver versions prior to 7.21EXT
SAP NetWeaver versions 7.21 through 7.22
SAP NetWeaver version 7.49
SAP NetWeaver version 7.53
SAP NetWeaver version 7.73
SAP NetWeaver version 7.75
Description
The issue is related to errors in processing external XML objects when analyzing an XML file, which can lead to a denial of service. An attacker can exploit this by sending a specially crafted request, potentially causing the service to crash or become unavailable.
Recommendations
For versions prior to 7.21EXT, update to version 7.21EXT or later.
For versions 7.21 through 7.22, update to version 7.22EXT or later.
For version 7.49, update to a later version.
For version 7.53, update to a later version.
For version 7.73, update to a later version.
For version 7.75, update to a later version.
Fix
XXE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Sap Netweaver