CVE-2019-0340

CWE-611XML External Entity (XXE)3 documents3 sources
Severity
5.4MEDIUM
EPSS
0.1%
top 68.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP Enable NOWSAP Enable NOW
Timeline
PublishedAug 14
Latest updateMay 24

Description

The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnerability. This issue affects the file upload at multiple locations. An attacker can read local XXE files.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.5

Affected Packages2 packages

NVDsap/enable_now< 1902
CVEListV5sap_se/sap_enable_now< 1902

🔴Vulnerability Details

2
GHSA
GHSA-w375-34xx-jhpq: The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnera2022-05-24
CVEList
CVE-2019-0340: The XML parser, which is being used by SAP Enable Now, before version 1902, has not been hardened correctly, leading to Missing XML Validation vulnera2019-08-14
CVE-2019-0340 (MEDIUM CVSS 5.4) | The XML parser | cvebase.io