CVE-2021-27604

CWE-611 — XML External Entity (XXE)3 documents3 sources

Severity

6.5MEDIUM

EPSS

0.3%

top 43.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

SAP SE SAP Process Integration (enterprise Service Repository Java Mappings)SAP Netweaver Process Integration

Timeline

PublishedApr 14

Latest updateMay 24

Description

In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Repository JAVA Mappings), versions - 7.10, 7.20, 7.30, 7.31, 7.40, 7.50, SAP recommends to refer this note.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5sap_se/sap_process_integration_(enterprise_service_repository_java_mappings)< 7.10+5

▶NVDsap/netweaver_process_integration6 versions+5

🔴Vulnerability Details

GHSA

GHSA-98g3-884p-c9q5: In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Reposit↗2022-05-24

▶

CVEList

CVE-2021-27604: In order to prevent XML External Entity vulnerability in SAP NetWeaver ABAP Server and ABAP Platform (Process Integration - Enterprise Service Reposit↗2021-04-14

▶