4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
6.9 Medium
AI Score
Confidence
Low
0.003 Low
EPSS
Percentile
66.4%
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
CPE | Name | Operator | Version |
---|---|---|---|
sap:netweaver_java_application_server | sap netweaver java application server | eq | - |
blog.onapsis.com/analyzing-sap-security-notes-october-2014-edition/
www.securityfocus.com/bid/71023
erpscan.io/advisories/erpscan-14-015-sap-netweaver-as-java-xxe/
erpscan.io/press-center/blog/sap-critical-patch-update-october-2014/
exchange.xforce.ibmcloud.com/vulnerabilities/98581
service.sap.com/sap/support/notes/2045176