Improper input validation in SAP Advanced_business_application_programming_platform

CVE-2019-0271

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.015 (70.3th percentile).

CVSS v3 metric

CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.

Affected products

Weakness classification (CWE)

Frequently asked questions

What is CVE-2019-0271?

CVE-2019-0271 is a medium-severity vulnerability in SAP Advanced_business_application_programming_platform, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2019-03-12.

How severe is CVE-2019-0271?

Medium severity. CVSS v3 base score is 6.5 out of 10.