CVE-2019-0277

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.7%

top 27.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Hana Extended Application Services SAP Hana Extended Application Services

Timeline

PublishedMar 12

Latest updateMay 14

Description

SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer with privileges to the SAP space (XML External Entity vulnerability).

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:HExploitability: 1.2 | Impact: 5.2

Affected Packages2 packages

▶CVEListV5sap_se/sap_hana_extended_application_services< 1

▶NVDsap/hana_extended_application_services1.0

🔴Vulnerability Details

GHSA

GHSA-4r4v-5cjx-r22j: SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer wi↗2022-05-14

▶

CVEList

CVE-2019-0277: SAP HANA extended application services, version 1, advanced does not sufficiently validate an XML document accepted from an authenticated developer wi↗2019-03-12

▶