CVE-2013-6815 — Improper Input Validation in SAP Netweaver

CWE-20 — Improper Input Validation3 documents3 sources
Severity
5.0MEDIUMNVD
EPSS
0.7%
top 27.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Netweaver
Timeline
PublishedNov 20
Latest updateMay 14

Description

The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7.31 and earlier allows remote attackers to cause a denial of service via unspecified vectors, related to an XML External Entity (XXE) issue.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDsap/netweaver7.31+8

🔴Vulnerability Details

2
GHSA
GHSA-37x6-cjg4-grcf: The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7↗2022-05-14
â–¶
CVEList
CVE-2013-6815: The SHSTI_UPLOAD_XML function in the Application Server for ABAP (AS ABAP) in SAP NetWeaver 7↗2013-11-19
â–¶
CVE-2013-6815 — Improper Input Validation in SAP | cvebase