QwikSec

Security Database

CVE

CWE

Training

CVE-2019-0271

Published: Mar 12, 2019

Modified: Aug 4, 2024

PUBLISHED

Description

ABAP Server (used in NetWeaver and Suite/ERP) and ABAP Platform does not sufficiently validate an XML document accepted from an untrusted source, leading to an XML External Entity (XEE) vulnerability. Fixed in Kernel 7.21 or 7.22, that is ABAP Server 7.00 to 7.31 and Kernel 7.45, 7.49 or 7.53, that is ABAP Server 7.40 to 7.52 or ABAP Platform. For more recent updates please refer to Security Note 2870067 (which supersedes the solution of Security Note 2736825) in the reference section below.

Vendor	Product	Versions
SAP SE	ABAP Server	affected `< from 7.00 to 7.31`
SAP SE	ABAP Server & Platform	affected `< from 7.40 to 7.52`

References

vdb-entry

x_refsource_BID

https://launchpad.support.sap.com/#/notes/2870067

x_refsource_CONFIRM

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=537788812

x_refsource_CONFIRM

https://launchpad.support.sap.com/#/notes/2736825

x_refsource_CONFIRM

https://wiki.scn.sap.com/wiki/pages/viewpage.action?pageId=515408080

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.