CVE-2016-4014XML External Entity (XXE) Injection in SAP Netweaver

3 documents3 sources
Severity
8.6HIGHNVD
EPSS
6.9%
top 8.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
SAP Netweaver
Timeline
PublishedApr 14
Latest updateMay 14

Description

XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 7.4 allows remote attackers to cause a denial of service (system hang) via a crafted DTD in an XML request to uddi/api/replication, aka SAP Security Note 2254389.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:HExploitability: 3.9 | Impact: 4.7

Affected Packages1 packages

NVDsap/netweaver7.4

🔴Vulnerability Details

2
GHSA
GHSA-m8r4-h573-3frq: XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 72022-05-14
CVEList
CVE-2016-4014: XML external entity (XXE) vulnerability in the UDDI component in SAP NetWeaver JAVA AS 72016-04-14
CVE-2016-4014 — XML External Entity (XXE) Injection | cvebase