CVE-2020-6187XML External Entity (XXE) Injection in SE SAP Netweaver

CWE-611XML External Entity (XXE) Injection3 documents3 sources
Severity
4.9MEDIUMNVD
EPSS
0.3%
top 45.69%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SAP SE SAP NetweaverSAP Netweaver Guided Procedures
Timeline
PublishedFeb 12
Latest updateMay 24

Description

SAP NetWeaver (Guided Procedures), versions 7.10, 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not sufficiently validate an XML document input from a compromised admin, leading to Denial of Service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:HExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

CVEListV5sap_se/sap_netweaver7 versions+6

🔴Vulnerability Details

2
GHSA
GHSA-x3g8-jv8c-3mvc: SAP NetWeaver (Guided Procedures), versions 72022-05-24
CVEList
CVE-2020-6187: SAP NetWeaver (Guided Procedures), versions 72020-02-12
CVE-2020-6187 — XML External Entity (XXE) Injection | cvebase