PT-2019-4451 · Sap · Sap Enable Now

Published: 2019-08-13 · Updated: 2020-08-24 · CVE-2019-0340

CVSS v2.0: 5.5 (Medium)

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions

SAP Enable Now versions prior to 1902

Description

The XML parser used by SAP Enable Now has not been properly hardened, leading to a Missing XML Validation vulnerability. The issue affects file uploads at multiple locations and allows an attacker to read local files through XML External Entity (XXE) processing. It stems from improper restriction of XML external entity references, which a remote attacker can exploit to gain unauthorized access to protected information by reading text files via XXE.

Recommendations

For versions prior to 1902, update to version 1902 or later to resolve the issue. As a temporary workaround, consider restricting file uploads to minimize the risk of exploitation.

Fix

XXE

RCE

Weakness Enumeration

Related identifiers

BDU:2020-00238
CVE-2019-0340

Affected products

Sap Enable Now