Improper input validation in Sap Advanced_business_application_programming_platform
CVE-2019-0271
ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform do not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XXE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.015 (70.3rd percentile).
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Affected products
- Sap Advanced_business_application_programming_platform
- Sap Advanced_business_application_programming_server
- Sap Sap_kernel — versions 7.21, 7.22, 7.45
- Sap Se Abap Server — versions from 7.00 to 7.31
- Sap Se Abap Server & Platform — versions from 7.40 to 7.52
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2019-0271?
- CVE-2019-0271 is a medium-severity vulnerability in Sap Advanced_business_application_programming_platform, classified under Improper Input Validation. CVSS score: 6.5/10. Published 2019-03-12.
- How severe is CVE-2019-0271?
- Medium severity. CVSS v3 base score is 6.5 out of 10.